These Are a Few of Our Favorite IoT: NIST Finalizes Internet of Things Cyber Guidance

Client Alert | 1 min read | 07.02.19

NIST has finalized Internet of Things (IoT) risk management guidance, which derived from a draft publication. The guidance informs government agencies how to understand and manage IoT risks throughout device lifecycles. Industry can anticipate government focus on three high-level goals:

Device security;
Data security; and
Individual privacy.

The publication highlights three differences between managing risks for IoT devices and conventional information technology devices:

IoT devices interact with the physical world differently than conventional devices;
IoT devices cannot be accessed and monitored the same as conventional devices; and
The availability and effectiveness of cybersecurity and privacy capabilities are different for IoT devices than conventional devices.

While not mandatory, the guidance provides useful considerations for IoT cybersecurity and privacy risk management.

Contacts

Cheryl A. Falvey
Partner
- Washington, D.C.
  - D | +1.202.624.2675
Y2ZhbHZleUBjcm93ZWxsLmNvbQ==
Michael G. Gruden
Partner
- Washington, D.C.
  - D | +1.202.624.2545
bWdydWRlbkBjcm93ZWxsLmNvbQ==
Kate M. Growley
Partner and Crowell Global Advisors Senior Director
- Washington, D.C.
  - D | +1.202.624.2698
- Washington, D.C. (CGA)
  - D | +1 202.624.2500
a2dyb3dsZXlAY3Jvd2VsbC5jb20=

Insights

Client Alert | 3 min read | 04.14.26

DOJ’s False Claims Act Resolution Against IBM Signals Heightened Risk for Federal Contractors with DEI Programs

On Friday, April 10, 2026, the U.S. Department of Justice (DOJ) announced that International Business Machines Corporation (IBM) has agreed to pay just over $17 million to resolve allegations that it violated the False Claims Act (FCA) by failing to comply with federal anti-discrimination requirements incorporated into its federal contracts due to allegedly discriminatory diversity, equity, and inclusion (DEI) employment practices. This resolution marks the first FCA settlement secured by the DOJ under its Civil Rights Fraud Initiative, created in May 2025, and announced by then-Deputy Attorney General Todd Blanche as part of the administration’s coordinated efforts to target allegedly unlawful DEI practices. Per the agreement, the settlement is neither an admission of liability by IBM nor a concession by the United States that its claims are not well founded....

Client Alert | 4 min read | 04.14.26
FedRAMP Solicits Public Comment on Overhaul to Incident Communications Procedures
Client Alert | 5 min read | 04.14.26
OFSI Imposes £390,000 Penalty on Apple Subsidiary for Russian Sanctions Breaches: Key Compliance Takeaways
Client Alert | 4 min read | 04.14.26
SBIR/STTR Programs Reauthorized After Six-Month Lapse

View All Insights