NIST 8259 banner

NIST IR 8259 Testing

As security breaches are making the headlines of newspapers almost every week, consumers and regulators are paying more and more attention to the security of IoT devices. National governments in various regions across the world are formulating and promulgating new IoT security regulations. Improving the security of your products to meet the new and upcoming regulations such as NIST IR 8259 will help your company decrease the risk of financial cost and bad publicity associated with cyber security and data breach.

What is NIST IR 8259?

In January 2020 the National Institute of Standard and Technologies (NIST), affiliated to the U.S Department of Commerce, released the second edition of the NIST 8259:  Foundational Activities and Core Device Cybersecurity Capability Baseline is voluntary and have recommended activities related to cybersecurity that manufacturers should consider performing before their IoT devices are sold to customers.

In December 2020, the IoT Cybersecurity Improvement Act became a law in USA : It mandates that all government agencies shall not obtain IoT device that doesn’t comply with NIST 8259 guideline.

This technical guide can be used for IoT products comply to with the requirements of the California and Oregon Connected Device Information Privacy Protection Act which covers: 

  • Device identification, as the identity of the device, to achieve management of the device (to prevent device forgery) 
  • Security configuration of the device. The authorized entity configures the security parameters of the device to ensure the security of the device. 
  • Data protection, protection of user data, security configuration data from transmission to storage, preventing data leakage/tampering 
  • Logical access to interface authorization, requiring authorization mechanisms to be deployed on logical interfaces to prevent unauthorized malicious access 
  • Software/firmware upgrades that require a secure upgrade process to prevent an attacker from performing malicious firmware/software updates on the device resulting in further network security events 
  • Security event log, which requires the implementation of security event log capability to implement network security events/hazards and vulnerability patch management capabilities. 


OUr services at a glance

Our experts are intimately familiar with the cyber fraud and data privacy regulations in specific markets and a deep understanding of the cyber threat field, working with customers around the world to fully unlock the potential of the digital future. Cyber security and data protection are one of our core capabilities. From product design, manufacturing to operations, we provide you with intimate support at every step to reduce the cybersecurity and data privacy disclosure risk. 

Below is a quick overview of the services that TÜV SÜD provides: 

  • NIST 8259 Test report and AoC 
  • ETSI EN 303 645 testing service 
  • IoT basic security check 
  • Penetration Test & Vulnerability Scanning 
  • Code Review 
  • Data protection assessment to support your GDPR compliance 

Why IS NIST IR 8259 important?

A NIST certification is important as it is one of the most comprehensive and widely accepted roadmap available at the moment for manufacturers to help protect their customers from numerous increasingly sophisticated cybersecurity threats. It is also an indicator of confidence for consumers who might not know the technicalities of cybersecurity for products to recognise that products that have been through NIST IR 8259 cybersecurity test has met some cybersecurity standards to ensure a degree of safety from cyber threats.

Why choose TÜV SÜD for NIST IR 8259 testing?

TÜV SÜD has multiple information security testing centers around the world to provide customers with optimized information security testing solutions and information security certifications. Our cyber security expert team is constantly learning the latest network security vulnerabilities and defense technologies. Senior experts play an active role in the standardization committee and international industry activities, understand the latest industry development trends, provide enterprises with more information security related tests services to reduce the risk of business information technology systems.

Your benefits at a glance

  • Gain competitive edge - by certifying your products as it is critical in competing with other well-established security products have already been evaluated.
  • Minimise risks - by certifying your products with a well-established cybersecurity standard such as NIST IR 8259. 
  • Proof of quality - by signaling to customers the cybersecurity of your products.


Consumer Products and Retail Essentials

Consumer Products & Retail Essentials

Consumer trust is key when you manufacture or retail products that are part of everyone’s daily life

Learn more

Consumer IoT Security

Consumer IoT Security

How can we ready ourselves in the face of cyber attacks?

Learn more

Wearable Devices
White paper

Wearables: Safety beyond compliance

Understand the tests needed for the safety and reliability aspects

Learn more

Introduction to IoT vulnerabilities teaser

Next Steps

Site Selector