The US National Institute of Standards and Technology (NIST) publishes a final IoT guidance to federal organizations to support their risk management process when including IoT devices in federal systems. This guidance enables understanding and defining IoT device cybersecurity requirements (NIST SP 800-213) using an accompanying catalog (NIST SP 800-213A). This publication contains background and recommendations to help organizations consider how an IoT device they plan to acquire can integrate into a system. This publication provides guidance on considering system security from the device perspective. The guidance allows identifying device cybersecurity requirements-the abilities and actions an organization will expect from an IoT device and its manufacturer and/or third parties, respectively.