IT0102-HSC-E Internet Of Things Security

Responsible Office: Office of Cybersecurity

Last Review: 03/01/2025

Next Review: 03/01/2027

Contact: Chris Madeksho

Phone: 901.448.1579

Email: mmadeksh@uthsc.edu

Purpose

To ensure the confidentiality, integrity, and availability of the University’s IT Resources by regulating the controlled use of Internet of Things (IoT) devices and connecting them to the appropriate University network.

Scope

All IoT devices that reside on the University of Tennessee Health Science Center (UTHSC) network (wired and wireless).

Definitions

IT Resources – Computing, networking, communications, applications, telecommunications systems, infrastructure, hardware, software, data, databases, personnel, procedures, physical facilities, cloud-based vendors, Software as a Service (SaaS) vendors, and any related materials and services.

Internet of Things – Physical objects (e.g., vehicles, appliances, lab or medical equipment, and other items embedded with electronics, software, sensors, actuators) that communicate, sense, or interact with their internal states or the external environment via network connectivity.

Standard

University-owned IoT devices must adhere to NISTIR 8259A IoT Cybersecurity Capability Core Baseline.
IoT devices must be installed and maintained using the Information Security Requirements Guidance.
IoT devices must comply with all University information security standards such as, but not limited to, Network Security, Access Control, Data & System Categorization, Vulnerability Management, and Password Management.
IoT devices will be connected to the appropriate controlled network segment.
IoT networks must be monitored to identify abnormal traffic and emergent threats.

Policy History