What is NISTIR 8259A?

NISTIR 8959A defines an Internet of Things (IoT) device cybersecurity capability core baseline, which is a set of device capabilities generally needed to support common cybersecurity controls that protect an organization’s devices as well as device data, systems, and ecosystems. The purpose of the publication is to provide organizations a starting point to use in identifying the device cybersecurity capabilities for new IoT devices they will manufacture, integrate, or acquire.

IoT device security controls in NISTIR 8259

The publication has defined the following 6 sets of device capabilities generally needed to support commonly used cybersecurity controls that protect devices as well as device data, systems, and ecosystems.

  1. Device Identification: The IoT device can be uniquely identified logically and physically.
  2. Device Configuration: The configuration of the IoT device’s software can be changed, and such changes can be performed by authorized entities only.
  3. Data Protection: The IoT device can protect the data it stores and transmits from unauthorized access and modification.
  4. Logical Access to Interfaces: The IoT device can restrict logical access to its local and network interfaces, and the protocols and services used by those interfaces, to authorized entities only
  5. Software Update: The IoT device’s software can be updated by authorized entities only using a secure and configurable mechanism.
  6. Cybersecurity State Awareness: The IoT device can report on its cybersecurity state and make that information accessible to authorized entities only

The challenges to check the capabilities:

From those categories, category number 1 and 6 are pretty easy and straightforward to check by just looking into the IoT system and checking if those capabilities exist there. However, the other 4 categories are not fully straightforward to check even by the developers because not only those capabilities need to exist but also they have to be implemented in a secure way. As such a simple programming mistake or not being fully aware of secure coding best practices or security capabilities of each IoT protocol or the SDK could result in insecure implementation of those capabilities.

How can Firmalyzer help?

Firmalyzer provides an automated firmware security analysis engine for bare-metal and monolithic firmwares that enables device manufacturers and security testing labs to perform automated security analysis without access to the firmware source code. With a combination of static code analysis and targeted code emulation, Firmalyzer can discover the following classes of vulnerabilities:

  • Insecure use of vendor SDK APIs such as Bluetooth Low Energy functions
  • Potential memory corruption vulnerabilities such as buffer overflows, out-of-bounds read and writes and format string bugs
  • Integer overflow and underflow issues
  • Use after free and double free vulnerabilities
  • Insecure use of cryptographic algorithms
  • Insecure privileged mode services
  • Disabled SoC/MCU security features such as secure-debug and secure-boot
  • Outdated vendor SDK or RTOS