These Are a Few of Our Favorite IoT: NIST Finalizes Internet of Things Cyber Guidance
Client Alert | 1 min read | 07.02.19
NIST has finalized Internet of Things (IoT) risk management guidance, which derived from a draft publication. The guidance informs government agencies how to understand and manage IoT risks throughout device lifecycles. Industry can anticipate government focus on three high-level goals:
- Device security;
- Data security; and
- Individual privacy.
The publication highlights three differences between managing risks for IoT devices and conventional information technology devices:
- IoT devices interact with the physical world differently than conventional devices;
- IoT devices cannot be accessed and monitored the same as conventional devices; and
- The availability and effectiveness of cybersecurity and privacy capabilities are different for IoT devices than conventional devices.
While not mandatory, the guidance provides useful considerations for IoT cybersecurity and privacy risk management.
Contacts

Partner and Crowell Global Advisors Senior Director
- Washington, D.C.
- D | +1.202.624.2698
- Washington, D.C. (CGA)
- D | +1 202.624.2500
Insights
Client Alert | 1 min read | 07.08.26
CAS Board Publishes Final Rule Rescinding CAS 404, 408, 409, and 4117
As part of its ongoing effort to conform the Cost Accounting Standards (“CAS”) to generally accepted accounting principles (“GAAP”), the CAS Board published a final rule rescinding CAS 408 (Accounting for costs of compensated personal absence) and CAS 411 (Accounting for acquisition costs of material). The CAS Board also rescinded CAS 404 (Capitalization of tangible assets) and CAS 409 (Depreciation of tangible capital assets) but retained certain requirements of CAS 404 and 409, which will be located in new paragraphs of CAS 405 (Accounting for unallowable costs). Specifically, the CAS Board retained the requirements currently located at CAS 404-50(d)(1), CAS 409-50(e)(5), CAS 409-50(j)(1), and CAS 409-50(j)(4), which the CAS Board explained are necessary to protect the Government’s interests. Otherwise, the CAS Board determined that the requirements of CAS 404, 408, 409, and 411 overlapped with GAAP such that GAAP “may be applied reasonably as a substitute for CAS to support contract cost and pricing.”
Client Alert | 1 min read | 07.08.26
Crowell & Moring and Crowell GovCon Strategies at Farnborough International Airshow 2026
Client Alert | 7 min read | 07.08.26
Illinois Imposes Transparency and Safety Obligations on Frontier AI Systems
Client Alert | 10 min read | 07.08.26
Proactive Compliance in Health Care: “Getting Ahead” of Enforcement in 2026 and Beyond

