IoT Security Maturity Model (SMM) NIST Cybersecurity Framework 1.1 Mapping


The NIST Cybersecurity Framework and the IoT Security Maturity Model (SMM) provide different approaches to achieving appropriate security and can be used together to effectively achieve security maturity. This material provides guidance on relating the two approaches.

Target audience

This document is intended for organizations that wish to improve their security maturity and to use and relate the NIST Cybersecurity Framework guidance to the Industry IoT Consortium (IIC) IoT Security Maturity Model (SMM).

Executive Overview

The NIST Cybersecurity Framework is intended to help organizations start or improve their cybersecurity programs. The IoT Security Maturity Model helps organizations determine priorities to drive their security enhancements, making it possible for the mechanisms and procedures to fit the organization’s goals without going beyond what is necessary. The implementations of security mechanisms and processes are considered mature if they are expected to be effective in addressing those goals. It is the security mechanisms’ appropriateness in addressing the goals, rather than their objective strength, that determines the maturity.

The NIST Cybersecurity Framework guidance can be used in conjunction with the IoT Security Maturity Model to improve security maturity and address security concerns relevant to organizations in an appropriate manner. This submission and the associated mapping document relate the two approaches, exposing both commonality and areas where each contributes further to the other. In addition, both the NIST Cybersecurity Framework and the SMM offer mappings to 62443, enabling organizations to understand requirements and controls useful for achieving their objectives.

This material is relevant to parties starting with the NIST CSF or with the SMM and then using the other to achieve additional benefits, as well as using both together.

Excel Submission


SMM NIST CyberSecurity Framework 1.1. Mappings Whitepaper


NIST Cybersecurity Framework 2.0

Although these mappings are provided for the NIST Cybersecurity Framework 1.1, they mention the availability and relevance of the NIST Cybersecurity Framework 2.0. An update is anticipated to provide a detailed 2.0 mapping in the future.