https://nvlpubs.nist.gov/nistpubs/ir/2018/NIST.IR.8228-draft.pdf
Selected acronyms and abbreviations used in this paper are defined below.
API Application Programming Interface
BITAG Broadband Internet Technical Advisory Group
CSA Cloud Security Alliance
DCMS Department for Digital, Culture, Media & Sport
DDoS Distributed Denial of Service
ENISA European Union Agency for Network and Information Security
FISMA Federal Information Security Modernization Act
FOIA Freedom of Information Act
GSMA Groupe Spéciale Mobile Association
IETF Internet Engineering Task Force
IIC Industrial Internet Consortium
IoT Internet of Things
IoTSF IoT Security Foundation
IP Internet Protocol
IR Internal Report
IT Information Technology
ITL Information Technology Laboratory
LTE Long-Term Evolution
NICE National Initiative for Cybersecurity Education
NIST National Institute of Standards and Technology
OMB Office of Management and Budget
OT Operational Technology
OTA Online Trust Alliance
PII Personally Identifiable Information
RFC Request for Comments
RMF Risk Management Framework
SLA Service Level Agreement
SP Special Publications
Appendix C — Glossary
Actuating Capability
The ability to change something in the physical world.
Application Interface Capability
The ability for other computing devices to communicate with an IoT device through an IoT device application.
Capability
A feature or function.
Data Actions
“System operations that process PII.”
Data Capabilities
Capabilities that are typical digital computing functions involving data: data storing and data processing.
Disassociability
“Enabling the processing of PII or events without association to individuals or devices beyond the operational requirements of the system.”
Human User Interface Capability
The ability for an IoT device to communicate directly with people.
Interface Capabilities
Capabilities which enable interactions involving IoT devices (e.g., device-to-device communications, human-to-device communications). The types of interface capabilities are application, human user, and network.
Network Interface Capability
The ability to interface with a communication network for the purpose of communicating data to or from an IoT device. A network interface capability allows a device to be connected to and use a communication network. Every IoT device has at least one network interface capability and may have more than one.
Personally Identifiable Information (PII)
“Information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other information that is linked or linkable to a specific individual.”
PII Processing
An operation or set of operations performed upon PII that can include, but is not limited to, the collection, retention, logging, generation, transformation, use, disclosure, transfer, and disposal of PII.
Post-Market Capability
A cybersecurity or privacy capability an organization selects, acquires, and deploys itself; any capability that is not pre-market.
Pre-Market Capability
A cybersecurity or privacy capability built into an IoT device. Pre-market capabilities are integrated into IoT devices by the manufacturer or vendor before they are shipped to customer organizations.
Problematic Data Action
A system operation that processes personally identifiable information (PII) through the information lifecycle and as a side effect causes individuals to experience some type of problem(s).
Risk
“A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically is a function of: (i) the adverse impact, or magnitude of harm, that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence.”
Sensing Capability
The ability to provide an observation of an aspect of the physical world in the form of measurement data.
Supporting Capabilities
Capabilities that provide functionality that supports the other IoT capabilities. Examples of supporting capabilities are device management, cybersecurity, and privacy capabilities.
Transducer Capabilities
Capabilities that provide the ability for computing devices to interact directly with physical entities of interest. The two types of transducer capabilities are sensing and actuating.
