Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Updates 2025

Foundational Cybersecurity Activities for IoT Product Manufacturers | IR 8259r1 2pd
September 30, 2025

NIST is releasing the second public draft of NIST Internal Report (IR) 8259 Revision 1, Foundational Cybersecurity Activities for IoT Device Manufacturers. This document describes recommended activities related to cybersecurity for manufacturers, spanning pre-market and post-market, to help them develop products that meet their customers’ needs and expectations for cybersecurity. This draft builds on changes made in the first draft and responds to feedback primarily in

  • Splitting and adding activities to better focus attention on each separate critical activities
  • Expanding emphasis on risk assessment and threat modeling as key parts of the development process
  • Expanding the connection to other references and make connection of this document to other work more explicit

The public comment period for IR 8259r1 is open through October 31, 2025. See the publication details for a copy of the draft and instructions for submitting comments. We look forward to hearing your thoughts and comments on this draft. 

Related Topics

Security and Privacy: risk management

Applications: Internet of Things

Laws and Regulations: Internet of Things Cybersecurity Improvement Act

Activities and Products: conferences & workshops

Sectors: manufacturing

Created September 30, 2025