Framework for Evaluation of a Cybersecurity Scheme (CTA-2119)
The NIST publication NISTIR 8425, Profile of the IoT Core Baseline for Consumer IoT Products, provides technical and non-technical requirements for a cybersecurity IoT label program. However, the NIST Criteria are intended for all industries and the language is subject to differing interpretations, and they are not explicit about how to apply the requirements in a consistent manner to a Scheme or Schemes. Industry engagement in clarifying the Criteria and their application enables real-world implementation of the requirements and provides valuable feedback to NIST.
This document provides formal, transparent and objective methods for evaluating a Scheme’s conformance with the Criteria. For example, a Scheme Owner may use this document to determine whether their cybersecurity testing Scheme meets the NIST Criteria.
