A collection of policy, guidance and best practices documents for Internet Protocol version 6 (IPv6) and Internet of Things (IoT) (which have also been called Smart Objects, Things, or Devices) in 3 parts. (Additional information about security and cybersecurity may also be found in the IPv6 and IoT Security Best Practices article of the Security section and the Secure Cloud Computing topic of the Cloud Computing using IPv6 article in the Infrastructure section.)
Part 1: United States (US) Federal government (other than the DoD) organizations documents
Part 2: US Department of Defense (DoD) organizations documents
Part 3: US Non-government and State and Local government organizations documents
Part 1: United States (US) Federal government (other than the DoD) organizations documents
Office of the President
International Strategy for Cyberspace, May, 2011
Executive Order 14028 “Improving the Nation’s Cybersecurity", May, 2021
National Cybersecurity Strategy, Mar, 2023
National Cybersecurity Strategy Implementation Plan, July, 2023
Office of Management and Budget (OMB)
Administrator, Office of E-Government and Information Technology
M-22-09 Moving the U.S. Government Toward Zero Trust Cybersecurity Principles, Jan, 2022
Memorandum M-05-22 of August 2, 2005. [Rescinded Nov, 2020, by OFCIO Memorandum M-21-07 Completing the Transition to Internet Protocol Version 6 (IPv6).]
Improving Agency Performance Using Information and Information Technology (Enterprise Architecture Assessment Framework v3.1), June, 2009
Management and Oversight of Federal Information Technology, June, 2015
Circular A-130 Managing Information as a Strategic Resource revised July 28, 2016 (Section 5.i Leveraging the Evolving Internet)
Deputy Director for Management
Council of the Inspectors General on Integrity and Efficiency
Office of the Federal Chief Information Officer (OFCIO)
Transition to IPv6, Sept, 2010. [Rescinded Nov, 2020, by OFCIO Memorandum M-21-07 Completing the Transition to Internet Protocol Version 6 (IPv6).] An updated Frequently Asked Questions (FAQ) for the Transition to IPv6 can be found here. The original FAQ for the Transition to IPv6 is available here.
Memorandum M-17-06 Policies for Federal Agency Public Websites and Digital Services, Nov 8, 2016
Federal Cloud Computing Strategy, Jun 24, 2019
White Paper: Networks of the Future, Dec 2, 2019
Memorandum M-21-07 Completing the Transition to Internet Protocol Version 6 (IPv6), Nov, 2020. The FAQ for M-21-07 can be found here.
(OMB and CISA also maintain a zerotrust.cyber.gov website containing Zero Trust guidance documents.)
Chief Information Officers (CIO) Council
CIO.gov website
Cloud Operations Best Practices & Resources Guide, Oct, 2023
Federal CIO Handbook, Mar, 2021
Federal Small Agency CIO and IT Executive Handbook, Apr, 2023
Federal IPv6 Task Force
IPv6 Transition Guidance, Feb, 2006. Note: An expanded outline of Section 4.2 Components of an IPv6 Transition Plan of this document can be found here
Demonstration Plan to Support Agency IPv6 Compliance, Jan, 2008
Planning Guide/Roadmap Toward IPv6 Adoption within the US Government, July, 2012. [Rescinded Aug, 2018, by OMB Memorandum M-18-23 Shifting From Low-Value to High-Value Work.] An updated FAQ can be found here. The original 2011 FAQ is available here.
Zero Trust Cybersecurity Current Trends report by the American Council for Technology-Industry Advisory Council (ACT-IAC), Apr, 2019
Federal IPv6 Transition Best Practices, Ralph Wallace (by permission of the author), Feb, 2021
Guidance for Program Management of Agency Transition to an IPv6-only Environment, Apr, 2021 (authentication required)
The CIO Council Federal IPv6 Task Force also maintains a comprehensive Federal IPv6 transition FAQ, a collection of M-21-07-specific Implementation Artifacts to assist agencies in their implementation of IPv6 (authentication required), a collection of key documents and resources (authentication required) specific to the deployment of IPv6 and a collection of recommended documents related to IPv6
Centers for Medicare and Medicaid Services (CMS)
(see HHS Policy for the Transition to Internet Protocol version 6 (IPv6) under Department of Health and Human Services)
Commodity Futures Trading Commission (CFTC)
Transition to Internet Protocol version 6 (IPv6), July, 2018
Congress of the United States of America
Internet of Things Cybersecurity Improvement Act of 2020, Dec, 2020
Department of Commerce (DoC)
Transition to Internet Protocol Version 6 (IPv6) Policy, Sept, 2021
(Note: Several federal Bureaus and Offices are part of the DoC. For example, NIST and the National Oceanic and Atmospheric Administration (NOAA) are part of the DoC.)
Department of Education (ED)
Enterprise Architecture Program Office
Enterprise Transition Strategy Plan, Feb, 2008, Section 9.0 IPv6 Transition Strategy and Milestones
IPv6 Transition Guide, Version 2.0, April, 2011
Office of the Chief Information Officer (OCIO)
Transition to Internet Protocol version 6 (IPv6), May, 2021
Information Assurance Services (IAS)
Security and Privacy Requirements for Information Technology Procurements, Sept, 2020, Section 2.5
Department of Energy (DoE)
Department of Energy Acquisition Letter Al-2010-06, May, 2010
Department of Energy Complete Transition to Internet Protocol Version 6 (IPv6) Interim Solution, May, 2021
Department of Energy IPv6 Best Practices, Apr, 2012
Department of Energy Order 200.1A Information Technology Management, Aug, 2023
Federal Energy Regulatory Commission (FERC)
Internet Protocol version 6 (IPv6) Policy, Feb, 2024
Department of Health and Human Services (HHS)
Complete Transition to IPv6, May, 2021
HHS Policy for the Transition to Internet Protocol version 6 (IPv6), Aug, 2021
Department of Homeland Security (DHS)
Securing the Internet of Things, Nov, 2016
Cybersecurity Strategy, May, 2018
The Industrial Internet of Things (IIOT): Opportunities, Risks, Mitigation, Dec, 2019
Deputy Undersecretary for Management
DHS Transition to Internet Protocol Version 6 (IPv6), May, 2021
Office of Inspector General
DHS Must Address Internet Protocol Version 6 Challenges, May, 2008
Cybersecurity and Infrastructure Security Agency (CISA)
The Internet of Things: Impact on Public Safety Communications, Mar, 2019
Internet of Things Tip Sheet, Dec, 2019
Internet of Things Security Acquisition Guidance, Feb, 2020
Cybersecurity Best Practices For Industrial Control Systems, May, 2020
High Value Asset Control Overlay Version 2.0, Jan, 2021
Reducing the Significant Risk of Known Exploited Vulnerabilities, Binding Operational Directive (BOD) 22-01, Nov, 2021
Internet Protocol Version 6 Considerations for Trusted Internet Connections 3.0, Jan, 2022
Binding Operational Directive 23-01, Oct, 2022
Binding Operational Directive 23-01 Implementation Guidance, Oct, 2022
Zero Trust Maturity Model (version 2), Apr, 2023
Secure Cloud Business Applications, Hybrid Identity Solutions Guidance, Mar, 2024
Shields Up Technical Guidance, ongoing
5G Network Slicing: Security Considerations for Design, Deployment, and Maintenance, Aug, 2022
Cybersecurity Directives (A listing of CISA Emergency and Binding Operational Directives.)
Secure Cloud Business Applications (SCuBA) Project (A listing of guidance documents to secure agencies’ business applications environments)
(OMB and CISA also maintain a zerotrust.cyber.gov website containing Zero Trust guidance documents.)
US Joint Ransomware Task Force (JRTF)
#StopRansomwareGuide, Oct, 2023
National Security Telecommunications Advisory Committee (NSTAC)
Report to the President on Internet and Communications Resilience, Nov, 2017
Department of Justice (DoJ)
Securing your “Internet of Things” Devices, July, 2017
Department of Justice transition to Internet Protocol version 6 (IPV6), Feb, 2021
Department of State (DoS)
Department of State Internet Protocol version 6 (IPv6) Policy Statement, Sept, 2021
Department of Transportation (DoT)
Internet Protocol version 6 (IPv6) Implementation Policy, May 2021
Federal Aviation Administration (FAA)
Internet Protocol version 6 (IPv6) Guidance, June, 2006
FAA Internet Protocol Version 6 (IPv6) and Internet Protocol Version 4 (IPv4) Policy and Strategy, May, 2021
Federal Transit Administration (FTA)
Report to Congress on Internet of Things, Feb, 2017
Department of Veterans Affairs (VA)
Department of Veterans Affairs Enterprise Architecture Guidance for the VA IPV6 Network Transition, Jan, 2006
Department of Veterans Affairs Transition Plan for IPV6, Version 3.00, March, 2009
Department of Veterans Affairs IPv6 Applications Testing Best Practices, Jun, 2010
Department of Veterans Affairs IPv6 Transition Guide, Jun 2023
Mobility Impact of Internet of Things (IoT), Nov, 2016
VA Internet Protocol Version 6 (IPv6) Transition Procedures (VIEWS 05135661), May, 2021
VA Internet Protocol version 6 (IPv6) Transition Policy, Nov, 2022
Virtual Office of Acquisition
Public Document Library (VA IPv6 policy documents)
Export-Import Bank of the United States (EXIM)
EXIM Internet Protocol Version 6 (IPv6) Compliance Policy, Oct, 2021
Federal Acquisition Regulation (FAR) staff
Internet Protocol Version 6 (IPv6), Dec, 2009 parts 7, 11, 12, and 39 as amended. (The NIST Special Publications for Profile for IPv6 and UGSv6 Test Methods referenced in the amended part 11 may be found in the NIST section below.)
Federal Communications Commission (FCC)
Potential Impacts on Communications From IPv4 Exhaustion & IPv6 Transition, Dec, 2010
FCC Information Technology (IT) Internet Protocol version 6 (IPv6) Compliance Policy, Apr, 2021
FCC IT IPv6 Procurement Checklist, Apr, 2021
FCC IT IPv6 Implementation Plan and Checklist (draft), Oct, 2021
Federal Retirement Thrift Investment Board (FRTIB)
FRTIB IPv6 Policy, Mar, 2021
Federal Trade Commission (FTC)
Internet of Things: Privacy & Security in a Connected World, Nov, 2013
Careful Connections: Keeping the Internet of Things Secure, Sept, 2020
U.S. Federal Trade Commission Transition to Internet Protocol version 6 (IPv6), Sept, 2021
General Services Administration (GSA)
GSA Acquisition Manual (GSAM), Section 511.170 Information Technology Coordination and Standards Part (d), Apr, 2023
GSA and IPv6 White Paper, Feb, 2004
Internet Protocol version 6 (IPv6) Policy (internal GSA policy), May, 2022
GSA Cybersecurity. An ongoing collection of products, services, programs and policy documents
The GSA also maintains a webpage containing a collection of IPv6 contracting resources
Government Accountability Office (GAO)
INTERNET PROTOCOL VERSION 6: Federal Agencies Need to Plan for Transition and Manage Security Risks, GAO-05-471, May, 2005
INTERNET PROTOCOL VERSION 6 Federal Government in Early Stages of Transition and Key Challenges Remain, GAO-06-675, June, 2006
Technology Assessment: The Technology of Things, GAO-17-75, May, 2017
Internet of Things: Enhanced Assessments and Guidance are Needed to Address Security Risks in DOD, GAO-17-668, July, 2017
Critical infrastructure Protection: Actions Needed to Address Significant Cybersecurity Risks Facing the Electric Grid, GAO-19-332, Aug, 2019
DoD Needs to Improve Transition Planning, GAO-20-402, June, 2020
Internet of Things: Information on Use by Federal Agencies, GAO-20-577, Aug, 2020
Secret Service Has Made Progress Toward Zero Trust Architecture, but Work Remains, GAO-23-105466, Nov, 2022
Internal Revenue Service (IRS) (see the US Treasury)
Millennium Challenge Corporation
Internet Protocol Policy, Jul, 2021
National Aeronautics and Space Administration (NASA)
NASA Integrated Communication Services (NICS) IPv6 Best Practices Guide, Apr, 2014
Status of NASA's Transition To Internet Protocol Version 6 (IPV6), Sept, 2010
Policies to Ensure IPv6 Compliance in acquiring Information Technology (IT), May, 2016
Complete Transition to Internet Protocol version 6 (IPv6), May, 2021
National Archives and Records Administration (NARA)
Office of Inspector General (OIG)
Audit of NARA's Transition to Internet Protocol Version 6, March, 2009
NARA 803, Internet Protocol Version 6 (IPv6) Policy, May, 2021
National Institute for Standards and Technology (NIST)
Planning Report 05-2, IPv6 Economic Impact Assessment Final Report, Oct, 2005 (A related article: Could IPv6 Improve Network Security? And If So, at What Cost?, Jun, 2005)
A Profile for IPv6 in the U.S. Government – Version 1.0, Special Publication 500-267, July, 2008 [Superseded Nov, 2020, by SP 267Br1]
USGv6 Test Methods: General Description and Validation - Version 2.0, Special Publication 500-273, Nov, 2009 [Superseded Nov, 2020 by SP 500-281Br1]
NIST Networks of ‘Things’ Special Publication 800-183, Jul, 2016
List of Standards and Guidance cited in NIST Privacy Framework Request for Information (RFI) Responses, Feb, 2019
NIST Zero Trust Architecture Special Publication 800-207, Aug, 2020
The NIST Cybersecurity Framework (CSF) 2.0, Feb, 2024
NIST Federal Information Processing Standards (FIPS) 197, Advanced Encryption Standard (AES), May, 2023
NIST IPv6 Profile, Special Publication 500-267Ar1, Nov, 2020
NISTv6 Capabilities Table, Special Publication 500-267Ar1s, Nov, 2020
A Preliminary Update from the Internet of Things Federal Working Group, Jul, 2023
USGv6 Profile, Special Publication 500-267Br1, Nov, 2020
USGv6 Capabilities Table, Special Publication 500-267Br1s, Nov, 2020
USGv6 Test Program Guide, Special Publication 500-281Ar1, Nov, 2020
USGv6 Suppliers Declaration of Conformity, Special Publication 500-281Ar1s, Nov, 2020
USGv6 Test Methods: General Description and Validation, Special Publication 500-281Br1, Nov, 2020
Guidelines for the Secure Deployment of IPv6, Special Publication 800-119, Dec, 2010
Security and Privacy Controls for Information Systems and Organizations, Special Publication 800-53r5, Sept 2020
Publications (a listing of documents published by the Cybersecurity for IoT Program)
NISTIR Internet of Things (IoT) Trust Concerns (unpublished DRAFT), Oct, 2018
Internet of Things Advisory Board
Internet of Things Federal Working Group
National Cybersecurity Center of Excellence (NCCoE)
Securing Home IoT Devices using Manufacture Usage Descriptions (MuD) (several topics), since May, 2021
Secure IPv6-only Implementation in the Enterprise (draft), Dec, 2021
Securing Distributed Energy Resources: An Example of Industrial internet of Things Cybersecurity 1800-32 (in 5 volumes), Feb, 2022
National Labor Relations Board
IPv6 Policy, Nov, 2021
National Security Agency (NSA)
Committee on National Security Systems (CNSS) Secretariat
CNSS Glossary, Apr, 2015
Digital Media Center Publications
The Next Wave: Internet of Things, Vol. 21, No. 2, Jan, 2016
IPv6 Security Guidance, PP-22-1805, Jan, 2023
National Telecommunications and Information Administration (NTIA)
Incentives, Benefits, Costs, and Challenges to IPv6 Implementation, Aug, 2016
Various comments (received in response to the above), Oct, 2016
Securities and Exchange Commission (SEC)
Chief Information Officer
Transition to Internet Protocol version 6 (IPv6), July, 2021
Social Security Administration (SSA)
SSA IPv6 Policy 2005-17-21 (informal)
Social Security Information Resources Management Strategic Plan, Fiscal Year 2007 (excerpt relating to IPv6)
Social Security Administration Enterprise Roadmap Fiscal Years 2014-2017, Mar 2014 (pages 100-102)
Office of the Inspector General
The Social Security Administration’s Implementation of Internet Protocol version 6, Aug, 2008
United States Agency for International Development (USAID)
Chief Information Officer (CIO)
USAID Transition to Internet Protocol Version 6 (IPv6), May, 2021
ADS Chapter 509 Management and Oversight of Agency Information Technology Resources, Apr, 2021
ADS Chapter 549 Telecommunications Management, Apr, 2021
USAID Transition to Internet Protocol Version 6 (IPv6), May, 2022
Office of the Deputy Chief Information Officer (M/DCIO)
IPv6 Plans and Standards, June, 2006
Office of the Inspector General (OIG)
Audit of USAID's Implementation of Internet Protocol version 6, A-000-08-006-P, Sept, 2008
United States Commission on Civil Rights (CCR)
IPv6 Policy, May, 2021
United States Department of Agriculture (USDA)
Policies to Ensure IPv6 Compliance for Information Technology (IT) Purchases, Aug 2016
Procurement Advisory No. 127, Nov 2016
IPv6 Policy Waiver Request, Jun 2018
United States Department of Interior (DOI)
DOI Enterprise Transition Strategy, Feb, 2006
Transition to Internet Protocol Version 6, Jun 2021
United States Department of Labor (DOL)
DOL Enterprise Transition Plan - 2011, Apr, 2011
Complete Transition to Internet Protocol version 6 (IPv6), May, 2021
United States Department of State (DoS)
Department of State Internet Protocol version 6 (IPv6) Policy Statement, Sept, 2021
United States Department of Treasury (US Treasury)
Internet Protocol version 6 (IPv6) Implementation, Nov, 2005
Final Audit Report – Planning Is Underway for the Enterprise-Wide Transition to Internet Protocol Version 6, but Further Actions Are Needed, Feb, 2014
Acquisition Procedures Version 1.0, Oct, 2018, see part 1011.002(g)
Guidance for the Transition to Internet Protocol Version 6 (IPv6), May, 2021
United States Environmental Protection Agency (EPA)
Information Directive CIO 2124.2 Internet Protocol Version 6 (IPv6) Compliance Policy, Sep, 2022
United States International Development Finance Corporation (DFC)
Office of Information Technology (OIT)
DFC Internet Protocol Policy IPv6, Feb, 2023
United States International Trade Commission (USITC)
INTERNET PROTOCOL VERSION 6 (IPV6) POLICY, 2021
United States Office of Government Ethics (OGE)
Internet Protocol Version 6 (IPv6) Implementation Plan, Sept, 2021
Internet Protocol Version 6 (IPv6) Policy, May, 2021
United States Occupational Safety & Health Review Commission (OSHRC)
OSHRC Policy for IPv6 (M-21-07), 2021
United States Postal Regulatory Commission (PRC)
Postal Regulatory Commission’s Transition to Internet Protocol version 6 (IPv6), 2021
Part 2: US Department of Defense (DoD) organizations documents
Defense Advanced Research Projects Agency (DARPA) (as sponsor of University of Pennsylvania)
A FRESH LOOK AT INTERNET PROTOCOL VERSION 6 (IPv6) FOR DEPARTMENT OF DEFENSE (DoD) NETWORKS, Aug, 2010
DoD Policy and Guidance
Defense Acquisition University (DAU)
Defense Acquisition Guidebook, Chapter 6 Information Technology and Business Systems, Section 3 Business Practice, Subsection 9 Enterprise Services, Subsubsection 3 Internet Protocol version 6 (IPv6)
Assistant Secretary of Defense (Networks and Information Integration) [which became the DoD Chief Information Officer in Nov, 2014]
Internet Protocol Version 6 (IPv6), June, 2003
Internet Protocol Version 6 (IPv6) Interim Transition Guidance, Sept, 2003
Internet Protocol Version 6 (IPv6) Policy Update, Aug, 2005
Transition Planning for Internet Protocol Version 6 (IPv6), Aug, 2005
THE DEPARTMENT OF DEFENSE INTERNET PROTOCOL VERSION 6 (IPV6) TRANSITION PLAN Version 2, June 2006
DoD Internet Protocol Version 6 (IPv6) Implementation, Feb, 2008
DoD Internet Protocol Version 6 (IPv6) Definitions, June, 2008
Guidance and Policy for Implementation of OMB IPv6 FYs 2012 and 2014 Requirements, March, 2011
DoD IPv6 Standard Profiles For IPv6 Capable Products Version 6.0, July, 2011
DoD Chief Information Officer
DoD Information Enterprise Architecture (IEA) Version 2.0, Aug, 2012
DoD Policy Recommendations for the Internet of Things (IoT), Dec 2016
DoD Chief Information Officer (DoD CIO), Sep, 2017
DoD Internet Protocol Version 6 Implementation Direction and Guidance, Feb, 2019
DoD Zero Trust Strategy, Oct, 2022
Deputy Secretary of Defense
Department of Defense Implementation of Internet Protocol Version 6 – Directive-type Memorandum (DTM) 21-004, June, 2021
(Note: Army, Navy, and Air Force IPv6 policy and guidance documents may also be found on their respective restricted-access websites mentioned in IPv6 and IoT Points of Contact in the FAQ section.)
Defense Information Systems Agency (DISA)
Unified Capabilities Requirements 2013 (UCR 2013) Change 2, Sept, 2017 (scroll down to Section 5 IPv6)
DISA/Information Assurance Support Environment
Security Requirements Guide (SRG)/Security Technical Implementation Guides (STIGs) -- public access
SRG/STIGs -- restricted access (authentication required)
DISA/IPv6 virtual Program Management Office (PMO), presented at AFCEA TechNet Cyber, Dec, 2020
Office of Inspector General
DoD Needs to Reinitiate Migration to Internet Protocol Version 6 (IPv6) (Redacted), DODIG-2015-044, Dec, 2014
(Note: Instructions to obtain a copy of the unredacted document are available here.)
(Also, see the report "DoD Needs to Improve Transition Planning", GAO-20-402, June, 2020, under the Government Accountability Office in Part 1 above.)
Audit of the DoD’s Compliance with Security Requirements When Using Commercial Cloud Services, DODIG-2023-052, Feb, 2023
Department of the Air Force
Air University
The Rise of IPv6: The Benefits and Costs of Transforming Military Cyberspace, Air & Space Power Journal, Mar-Apr 2015
Assistant Secretary of the Air Force (Acquisition) (SAF/AQ)
Air Force Guidance Memorandum to AFI 63-101/20-101, Integrated Life Cycle Management, Sept, 2016, Sect 7.4
Department of the Army (DA)
Army Regulation 25-1 Army Information Management Army Information Technology, Section 4-17b2, Jul 2019
Army Regulations 25-13 Army Telecommunications and Unified Capabilities, Sections 2-6 and 4-6, May 2017
Engineer Research and Development Center (ERDC)
Director, High Performance Computing Modernization Program (HPCMP)
Internet Protocol version 6 (IPv6), Aug, 2003
Department of the Navy (DN)
Naval Postgraduate School
United States Marine Corps (USMC)
Headquarters, U. S. Marine Corps, Command, Control, Communications, and Computers, Plans and
Policy Division
UNITED STATES MARINE CORPS INTERNET PROTOCOL VERSION 6 (IPV6) POLICY, January, 2004
UNITED STATES MARINE CORPS INTERNET PROTOCOL VERSION 6 (IPV6) TRANSITION PLAN Release 1.0, July, 2004
MARINE CORPS TRANSITION TO INTERNET PROTOCOL VERSION 6, Jun, 2022
United States Naval War College (NWC)
IPv6 Implementation at the Naval War College, Nov, 2020
Part 3: US Non-government and State and Local government organizations documents
Amazon Web Services, Inc. (AWS)
Ten Security Golden Rules for Industrial IoT Solutions, Sept, 2021
Armed Forces Communications and Electronics Association (AFCEA)
AFCEA International Cyber Committee
The Security Implications of the Internet of Things, Feb, 2015
California State
Senate Bill 327 Information privacy: connected devices (SB-327), Sep, 2018
Carnegie Mellon University
Software Engineering Institute
Industry Best Practices for Zero Trust Architecture, Dec, 2022
Center for Strategic and International Studies (CSIS)
Leveraging the Internet of Things for a More Efficient and Effective Military, Sept, 2015
Infoblox, Inc.
IPv6 Best Practices, March, 2017
Internet Society (ISOC))
Policy Brief: Adoption of IPv6, Apr, 2016
Massachusetts State
Office of the State Auditor
Audit of the Administration of the Internet of Things, Sept, 2018
New York City (NYC)
IoT Strategy: The New York City Internet of Things Strategy, Mar, 2021
Rand Corporation
The Internet of Bodies: Opportunities, Risk, and Governance, Apr, 2020
StateTech Magazine
IPv6 Upgrade, Sep, 2007
Washington State
Policy 300 – Statewide Migration to IPv6, Nov, 2017