Other agencies in the US federal government have already issued guidelines and recommendations for a litany of technologies surrounding IoT. Most notable is the National Institute for Standards and Technology (NIST), which has produced several documents and guides for the security of connected devices. They also maintain national and internationally recognized standards regarding security. Supporting material can be found at http://csrc.nist.gov. Several important documents relating to cryptography and FIPS standards are listed here:
- NIST Special Publication 800-121 Revision 2, Guide to Bluetooth Security. This specifies a set of recommended security provisions for Bluetooth Classic and Bluetooth BLE: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-121r2.pdf.
- NIST Special Publication 800-175A, Guidelines for Using Cryptographic Standards in the Federal Government: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-175A.pdf.
- NIST FIPS standards: https://csrc.nist.gov/publications/search?requestSeriesList=3&requestStatusList=1,3&requestDisplayOption=brief&requestSortOrder=5&itemsPerPage=All.
The Department of Homeland Security provides operational binding directives for all federal agencies in terms of national security including in the area of information technology. Recent directives include 18-01, which mandates "cyber hygiene" through email policies, key management, Domain-based Message Authentication, Reporting, and Conformance (DMARC), web security using HTTPS only, and other similar actions. DHS is also involved in prescriptive guidance for Congress, other agencies, and the private sector regarding cybersecurity standards: https://www.dhs.gov/topic/cybersecurity.
The US-CERT or Computer Emergency Response Team is also critical for anyone concerned about security. The US-CERT has been chartered with finding, isolating, informing, and stopping cybersecurity threats on a national basis since 2000. They provide digital forensics, training, real-time monitoring, reports, and actionable defenses for known zero-day exploits and active security threats. Current active alerts and mitigations can be found here: https://www.us-cert.gov/ncas/alerts.