Industry Standards


Due to the complexities involved in managing the security of IoT devices, as well as the high-value nature of many of the assets connected as part of some IoT solutions, efforts to standardize best practices have proliferated. These efforts involve both public and private bodies and are currently largely voluntary. However, without sufficient industry-led management of IoT security, it is likely that regulation of the technology will become onerous.

The literature on IoT-related standards is complex and frequently industry-specific. However, there are many commonalities between different recommendations. A unified network security management approach like the Xaptum ENF is intended to satisfy such best practices.

This document is intended to provide some useful pointers into the vast body of standards. It is, of course, non-exhaustive.


NIST (National Institute of Standards and Technology)

  • CSF (Cybersecurity Framework)
    • A policy framework of computer security guidance on preventing, detecting, and responding to cyber attacks
  • NISTIR 8228
    • Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks
  • NIST SP 800-53
    • Security and Privacy Controls for Federal Information Systems and Organizations
  • NIST SP 800-63B
    • Digital Identity Guidelines: Authentication and Lifecycle Management
  • NIST SP 800-113
    • Guide to SSL VPNs

NERC/FERC (North American Electric Reliability Corporation and Federal Energy Regulatory Commission)

These public (FERC) and private (NERC) entities provide standards/regulations for the energy industry. The guidelines are also useful in other critical infrastructure industries.
