Organization: International Organization for Standardization (ISO)
Reference: CD 30141 Internet of Things Reference Architecture (IoT RA) (Committee Draft)
Published on: 10 September 2016 This document provides a standardized IoT reference architecture using a common vocabulary, reusable designs and industry best practices. It uses a top down approach, beginning with collecting the most important characteristics of IoT, abstracting those into a generic IoT conceptual model, deriving from the conceptual model to a high level system based reference model and then breaking down from reference model to the five architecture views (functional view, system view, user view, information view and communication view)...
Organization: GSMA
Reference: IoT Security Assessment
Published on: October 2017
The GSMA IoT Security Assessment provides a flexible framework that addresses the diversity of the IoT market, enabling companies to build secure IoT devices and solutions as laid out in the GSMA IoT Security Guidelines, a comprehensive set of best practices promoting the secure end-to-end design, development and deployment of IoT solutions.
Organization: European Union Agency for Network and Information Security (ENISA)
Reference: Securing Smart Airports
Published on: 16 December 2016
In response to the new emerging threats faced by smart airports, this report provides a guide for airport decision makers (CISOs, CIOs, IT Directors and Head of Operations) and airport information security professionals, but also relevant national authorities and agencies that are in charge of cyber-security for airports. Based on an in depth examination of existing knowledge as well as validation interviews with subject matter experts, this report highlights the key assets of smart airports. Built on this, a detailed analysis and threats...
Organization: The Internet Engineering Task Force (IETF)
Reference: Best Current Practices for Securing Internet of Things (IoT) Devices (Draft)
Published on: 3 July 2017
In recent years, embedded computing devices have increasingly been provided with Internet interfaces, and the typically-weak network security of such devices has become a challenge for the Internet infrastructure. This document lists a number of minimum requirements that vendors of Internet of Things (IoT) devices need to take into account during development and when producing firmware updates, in order to reduce the frequency and severity of security incidents in which such devices are implicated.
Organization: IoT Security Foundation (IoTSF)
Reference: Vulnerability Disclosure Best Practice Guidelines
Published on: 6 December 2016
The Connected Consumer Products best practice guide provides clear advice for firms that are bringing IoT class products to market. The guidelines cover the most important security elements to consider when designing a product such as application security, encryption, network connections and software updates. The guidelines take a practical approach and provide a comprehensive overview of the subject matter with additional in-depth materials supplied online.
Organization: Broadband Internet Technical Advisory Group (BITAG)
Reference: Internet of Things (IoT) Security and Privacy Recommendations
Published on: 22 November 2016
Report on the technical aspects of Internet of Things (IoT) security and privacy outlining a number of observations and recommendations.
Organization: AT&T
Reference: The CEO's Guide to Securing the Internet of Things
Published on: 2016
The document provides a strategic framework for securing the IoT, crafted from the work AT&T is doing with customers across many industries — as well as with their own IoT deployments.
Organization: IoT Alliance Australia (IoTAA)
Reference: Internet of Things Security Guideline V1.0
Published on: 23 February 2017
The purpose of the Internet of Things Security Guideline is to provide comprehensive, top-level guidance to:
promote a ‘security by design’ approach to IoT;
assist industry to understand the practical application of security and privacy for IoT device use;
be utilised by the IoT industry and digital service providers which use or provide support services for IoT deployments; and
assist industry to understand some of the relevant legislation around privacy and security.
Organization: Microsoft
Reference: Internet of Things security best practices
Published on: 3 July 2017
To secure an Internet of Things (IoT) infrastructure requires a rigorous security-in-depth strategy. This strategy requires you to secure data in the cloud, protect data integrity while in transit over the public internet, and securely provision devices. Each layer builds greater security assurance in the overall infrastructure.
Organization: Industrial Internet Consortium (IIC)
Reference: Industrial Internet Security Framework (IISF)
Published on: 26 September 2016
The Industrial Internet Security Framework (IISF) is a cross-industry-focused, comprehensive (173-pages) security framework outlining number of best practices.
Organization: Alliance for Internet of Things Innovation (AIOTI)
Reference: High Level Architecture Functional Model Release 2.1
Published on: September 2016
AIOTI WG3 has developed a High Level Architecture (HLA) for IoT. This document provides an initial proposal for a high-level IoT architecture. This document:
Introduces the use of ISO/IEC/IEEE 42010 by AIOTI WG3
Presents a Domain Model and discusses the “thing” in IoT
Presents a Functional Model
Links this work with the AIOTI WG3 Semantic Interoperability work and the SDO Landscape work
Organization: Online Trust Alliance (OTA)
Reference: OTA – IoT Trust Framework (V2.0)
Published on: Latest Update: 4 May 2017 Initially published: 5 January 2017
The IoT Trust Framework includes a set strategic principles to help secure IOT devices and their data when shipped and throughout their entire life-cycle. Through a consensus driven multi-stakeholder process, key principles have been identified for connected home, work and wearable technologies including toys and fitness devices. The Framework outlines mandatory requirements including comprehensive and security patching post warranty.
Organization: GSMA
Reference: IoT Security Guidelines
Published on: Latest Update on 31 October 2017 V2.0. Published on 9 February 2016
IoT Security Guidelines is a comprehensive set of best practices promoting the secure end-to-end design, development and deployment of IoT solutions. Aimed for mobile service providers who are looking to develop new IoT products and services. Target audience: IoT Service Providers, IoT Device Manufacturers, IoT Developers, Mobile Network Operators. GSMA provides a set of documents which includes:
IoT Security Guidelines for Service Ecosystem
IoT Security Guidelines for Endpoint Ecosystem
IoT Security Guidelines for Network Operators
Organization: NCC Group
Reference: Security of Things: An Implementers Guide to Cyber Security for Internet of Things devices and beyond
Published on: 8 April 2014
The paper takes the reader through a typical IoT product development life-cycle and associated business discussions highlighting the security and privacy impacting areas and decisions that should be considered, why they should be and the potential ramifications if not. In addition for those less experienced in secure hardware and software development lifecycles we also provide a matter of fact look at some of the challenges along the way. At a high-level the paper covers in its 35...