NIST SP 800-213 Rev. 1 (Initial Public Draft) — IoT Product Cybersecurity Guidelines for the Federal Government

NIST published the Initial Public Draft (IPD) of SP 800-213 Revision 1, 'IoT Product Cybersecurity Guidelines for the Federal Government: Establishing IoT Product Cybersecurity Requirements', on 24 June 2026. Authors: Fagan, Megas, Marron, Brady, Cuthill (NIST). The draft focuses on integrating IoT products into federal information systems via the Risk Management Framework, covering risk assessment impacts and control allocation when new IoT products are added. Public comments are due by 24 August 2026.

SP 800-213 is the primary NIST guidance for federal IoT product cybersecurity acquisition and integration. This revision updates the framework in the context of growing device complexity and the federal mandate to secure IoT. As IoT increasingly intersects with AI (smart sensors, edge AI), this draft shapes procurement security requirements for federal agencies and their suppliers — and sets a baseline that industry broadly tracks.

Review the IPD and submit comments by 24 August 2026. Organisations supplying IoT products to the US federal government should assess alignment of their cybersecurity baselines with the updated requirements.