NIST Updates Boost IoT Privacy And Security

While marketers and promoters bask in and expound the great abundance they would like to associate with the Internet of Things (IoT), it’s very easy for all involved to get distracted from the most basic and most important human qualities. Right now, personal privacy and security should be the number one priority of all, from consumers to tech pros. These are the only qualities of life one still has the choice to either retain or, foolishly, relinquish.


It is true that the IoT will provide many good and great things from e-commerce to personal fitness and healthcare, and just about everything in between. It also stands to reason that anything on and/or related to the internet provides equal, if not greater opportunities for those who have their “personal abundance” in mind.

Fierce AI Week

Register today for Fierce AI Week - a free virtual event | August 10-12

Advances in AI and Machine Learning are adding an unprecedented level of intelligence to everything through capabilities such as speech processing and image & facial recognition. An essential event for design engineers and AI professionals, Engineering AI sessions during Fierce AI Week explore some of the most innovative real-world applications today, the technological advances that are accelerating adoption of AI and Machine Learning, and what the future holds for this game-changing technology.

Keeping a focus on these issues, NIST offers a new draft revision of its Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations. Formulated by a collaboration of civil, defense and intelligence communities, the revision represents an ongoing effort to produce a unified information security framework for the federal government. NIST says the latest draft goes beyond both information security and the federal government to address ways various organizations can maintain security and privacy in their interconnected systems.


NIST fellow and leader of the task force that updated the publication Ron Ross says,

“Revision 5 takes the guidance in new directions—we are crafting the next-generation catalog of controls that can also be applied to secure the Internet of Things.” Privacy is now fully integrated throughout the new draft, a first for any control catalog. “This revision covers the overlap in security and privacy for systems, as well as the ways in which they are distinct,” said NIST senior privacy policy advisor Naomi Lefkovitz. “It also enhances the ability for both professional teams to collaborate yet still maintain their respective authorities.”


SP 800-53 Revision 5 adds two new control families that focus solely on privacy; the remaining privacy controls are integrated throughout the rest of the control families. For example, one privacy control addresses the data captured by sensors such as those used in traffic-monitoring cameras in smart cities. The control advises configuring such sensors in a way that minimizes their capturing data about individuals that’s not necessary for the traffic-monitoring system to carry out its function.


While previous versions targeted federal agencies, other organizations, particularly industry, are voluntarily adopting SP 800-53. The controls have been updated to address the needs of a more diverse user group, including enterprise-level security and privacy professionals, component product developers, and systems engineers who are now working on privacy and security.


For example, an IT system may employ cameras. Security experts determine security controls for the camera sensor, while privacy professionals decide on privacy controls such as a control to preserve a passerby’s privacy. Also, the control selection process is now separated from the security control catalog and included in the NIST Risk Management Framework, described in NIST Special Publication 800-37, so that organizations outside of the federal government can more easily use the NIST controls with the frameworks they currently use, such as ISO 270001 and the Framework for Improving Critical Infrastructure Cybersecurity, also known as the Cybersecurity Framework.


The authors also request comments on the Revision 5 draft by September 12, 2017. If this interests you, and indeed it should, you can easily, without having to fill in a form, download a copy of Draft NIST Special Publication 800-53, Revision 5 - Security and Privacy Controls for Information Systems and Organizations. And remember; take care of your personal privacy and security by reading more.

Suggested Articles

Power management is critical for many products. One expert advises pushing complexity to areas where energy is less of a concern.

HP leads the pack, but Apple sees 36% surge in notebooks, desktops compared to a year ago

New York City residents moving upstate will give hundreds of towns extra tax revenue to invest in new streetlights with IoT sensors, NYPA foresees