United States of America: National Institute of Standards and Technology opened consultation on Foundational Cybersecurity Activities for Internet of Things product manufacturers

National Institute of Standards and Technology opened consultation on Foundational Cybersecurity Activities for Internet of Things product manufacturers

On 30 September 2025, the National Institute of Standards and Technology opened a public consultation on Foundational Cybersecurity Activities for Internet of Things (IoT) product manufacturers, until 31 October 2025. The draft sets out nine activities to improve IoT product security before and after sale. It expands guidance on risk assessment, threat modelling, and links to other frameworks. IoT manufacturers are urged to provide both technical and non-technical safeguards, including updates and vulnerability disclosure.

Original source

Scope

Policy Area

Data governance

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

technological consumer goods

Implementation Level

national

Government Branch

executive

Government Body

other regulatory body

Complete timeline of this policy change

Hide details

2025-09-30

in consultation

On 30 September 2025, the National Institute of Standards and Technology opened a public consultati…

2025-10-31

processing consultation

On 31 October 2025, the National Institute of Standards and Technology closes the public consultati…

Description

National Institute of Standards and Technology opened consultation on Foundational Cybersecurity Activities for Internet of Things product manufacturers

Scope

Complete timeline of this policy change