United States Standards Overview
This section provides summaries of key regulations and guidance from the United States that impact the security of connected devices.
The U.S. approach to IoT security is a mix of voluntary guidance from institutions like NIST, new federal laws targeting government procurement, and emerging consumer-facing programs like the FCC Cyber Trust Mark.
| Standard | Summary | Link |
|---|---|---|
| NIST SP 800-218 (SSDF) | A framework of best practices for secure software development. | NIST SP 800-218 Overview |
| NIST IR 8259 Series | Foundational guidance and baseline capabilities for IoT device manufacturers. | NIST IR 8259 Series Overview |
| FCC Cyber Trust Mark | Voluntary labeling program to help consumers identify secure IoT products. | FCC Cyber Trust Mark Overview |
| ANSI/CTA-2088 | Industry-led baseline security capabilities for consumer IoT devices. | ANSI/CTA-2088 Overview |
| FDA Cybersecurity | Mandatory pre-market requirements for connected medical devices. | FDA Cybersecurity Overview |