Routine Guidance Amended Final

Foundational Cybersecurity Activities for IoT Product Manufacturers

NIST Publications

Summary

NIST revised its foundational guidance on cybersecurity activities for Internet of Things product manufacturers, updating recommendations for activities manufacturers should consider before products reach customers. The revision supersedes the May 2020 version of IR 8259 and is published as Final.

“This publication describes recommended activities related to cybersecurity that manufacturers should consider performing before their IoT products are sold to customers.”

NIST, verbatim from source
Published by NIST on csrc.nist.gov. Detected, standardized, and enriched by GovPing.

What changed

NIST issued IR 8259 Rev. 1, revising its recommendations for the cybersecurity activities IoT manufacturers should perform before products are sold. The document supersedes the May 2020 version and provides updated guidance on helping customers mitigate cybersecurity risks.

IoT product manufacturers should review the revised guidance to understand the updated recommendations for foundational cybersecurity activities. While non-binding, the guidance aligns with the Internet of Things Cybersecurity Improvement Act and Executive Order 13800, and may be used to demonstrate cybersecurity best practices in product development.

Archived snapshot

Apr 20, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

NIST IR 8259 Rev. 1

Foundational Cybersecurity Activities for IoT Product Manufacturers

Date Published: April 2026

Supersedes: IR 8259 (05/29/2020)

Author(s)

Michael Fagan (NIST), Katerina Megas (NIST), Barbara Cuthill (NIST), Jeffrey Marron (NIST), Brad Hoehn (HII)

Abstract

Internet of Things (IoT) products often lack product cybersecurity capabilities their customers—organizations and individuals—can use to help mitigate their cybersecurity risks. Manufacturers can help their customers by improving the securability of their IoT products by providing necessary cybersecurity functionality and by providing customers with the cybersecurity-related information they need. This publication describes recommended activities related to cybersecurity that manufacturers should consider performing before their IoT products are sold to customers. These foundational cybersecurity activities can help manufacturers lessen the cybersecurity-related efforts needed by customers, which in turn can reduce the prevalence and severity of compromises.

Keywords

cybersecurity risk; Internet of Things (IoT); manufacturing; risk management; risk mitigation; securable computing devices; software development

Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.IR.8259r1

Supplemental Material:
NIST Cybersecurity for IoT Program

Publication Parts:
IR 8259A
IR 8259B

Related NIST Publications:
SP 800-213
SP 800-213A
IR 8228

Document History:
05/13/25: IR 8259 Rev. 1 (Draft)
09/30/25: IR 8259 Rev. 1 (Draft)
04/20/26: IR 8259 Rev. 1 (Final)

Topics

Security and Privacy: risk management

Applications: cyber-physical systems, Internet of Things

Laws and Regulations: Executive Order 13800, Internet of Things Cybersecurity Improvement Act

Sectors: manufacturing

About this page

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from NIST.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Classification

Agency: NIST
Published: April 20th, 2026
Instrument: Guidance
Branch: Executive
Legal weight: Non-binding
Stage: Final
Change scope: Minor
Document ID: NIST IR 8259 Rev. 1
Supersedes: IR 8259 (05/29/2020)

Who this affects

Applies to: Manufacturers, Technology companies
Industry sector: 5112 Software & Technology
Activity scope: IoT device development, Cybersecurity risk management
Geographic scope: United States (US)

Taxonomy

Primary area: Cybersecurity
Operational domain: IT Security
Compliance frameworks: NIST CSF
Topics: Data Privacy, Artificial Intelligence
