Business Rules and Recommended Practices for IoT

BR-IoT-1: CMS IoT Platforms Must Comply with CMS Requirements for CMS Processing Environments

Any IoT platform that qualifies as a CMS Processing Environment must comply with the CMS TRA, ARS, RMH, and all HHS and CMS security and privacy requirements.

RP-IoT-1: CMS-Managed IoT Devices Should Comply with NIST SP 1800-15 and the Latest MUD Specifications

Encouraging the use of draft Cybersecurity Practice Guide, NIST SP 1800-15 with MUD specifications as a framework by manufacturers is one way to assist with this communication issue and to reduce security concerns.