Organization: National Institute of Standards and Technology (NIST) Reference: SP800-53 Security and Privacy Controls for Information Systems and Organizations - Revision 5 (Draft) Published on: August 2017 NIST Special Publication 800-53 Security and Privacy Controls for Information Systems and Organizations is a comprehensive catalog of security controls developed for use with all U.S. federal information systems. Because of its comprehensiveness, it became one of the key references for information systems security in other governments around the globe as well as businesses. In the public draft release of the latest revision (Revision 5) of the SP800-53, the U.S. National Institute of Standards and...
Organization: Microsoft Reference: Internet of Things security best practices Published on: 3 July 2017 Securing an Internet of Things (IoT) infrastructure requires a rigorous security-in-depth strategy. This strategy requires you to secure data in the cloud, protect data integrity while in transit over the public internet, and securely provision devices. Each layer builds greater security assurance in the overall infrastructure.
Organization: Microsoft Reference: Internet of Things security architecture Published on: 3 July 2017 When designing a system, it is important to understand the potential threats to that system, and add appropriate defenses accordingly, as the system is designed and architected. It is particularly important to design the product from the start with security in mind because understanding how an attacker might be able to compromise a system helps make sure appropriate mitigations are in place from the beginning.
Organization: The Internet Engineering Task Force (IETF) Reference: Best Current Practices for Securing Internet of Things (IoT) Devices (Draft) Published on: 3 July 2017 In recent years, embedded computing devices have increasingly been provided with Internet interfaces, and the typically-weak network security of such devices has become a challenge for the Internet infrastructure. This document lists a number of minimum requirements that vendors of Internet of Things (IoT) devices need to take into account during development and when producing firmware updates, in order to reduce the frequency and severity of security incidents in which such devices are implicated.
Organization: IoT Alliance Australia (IoTAA) Reference: Internet of Things Security Guideline V1.0 Published on: 23 February 2017 The purpose of the Internet of Things Security Guideline is to provide comprehensive, top-level guidance to: promote a ‘security by design’ approach to IoT; assist industry to understand the practical application of security and privacy for IoT device use; be utilised by the IoT industry and digital service providers which use or provide support services for IoT deployments; and assist industry to understand some of the relevant legislation around privacy and security.
Organization: Open Web Application Security Project (OWASP) Reference: IoT Security Guidance Published on: 14 February 2017 Basic list of fundamentals. Consists of: Manufacturer IoT Security Guidance; Developer IoT Security Guidance; and Consumer IoT Security Guidance.
Organization: Online Trust Alliance (OTA) Reference: OTA – IoT Trust Framework (V2.0) Published on: Latest Update: 4 May 2017 Initially published: 5 January 2017 The IoT Trust Framework includes a set of strategic principles to help secure IoT devices and their data when shipped and throughout their entire life-cycle. Through a consensus driven multi-stakeholder process, key principles have been identified for connected home, work and wearable technologies including toys and fitness devices. The Framework outlines mandatory requirements including comprehensive and security patching post warranty.
Organization: IoT Security Foundation (IoTSF) Reference: Vulnerability Disclosure Best Practice Guidelines Published on: 6 December 2016 The Connected Consumer Products best practice guide provides clear advice for firms that are bringing IoT class products to market. The guidelines cover the most important security elements to consider when designing a product such as application security, encryption, network connections and software updates. The guidelines take a practical approach and provide a comprehensive overview of the subject matter with additional in-depth materials supplied online.
Organization: IoT Security Foundation (IoTSF) Reference: Best Practice Guidelines for Connected Consumer Products Published on: 6 December 2016 The Connected Consumer Products best practice guide provides clear advice for firms that are bringing IoT class products to market. The guidelines cover the most important security elements to consider when designing a product such as application security, encryption, network connections and software updates. The guidelines take a practical approach and provide a comprehensive overview of the subject matter with additional in-depth materials supplied online.
Organization: IoT Security Foundation (IoTSF) Reference: IoT Security Compliance Framework Published on: 6 December 2016 The framework provides a comprehensive and practical checklist to guide organisations through a security assuring process. It offers a methodical approach to determining an organisation’s unique security posture for both business processes and technical requirements. The framework is intended to be used by key staff such as senior management, technical, manufacturing and logistics from producer companies, yet it could also be used by purchasers to assess suppliers. The framework is designed to be generally applicable and extendable with release 1.0 targeted at the consumer product category. Follow-on...
Organization: IoTiap Reference: Principles, Practices and a Prescription for Responsible IoT and Embedded Systems Development Published on: 2 December 2016 This document addresses security challenges related to the Internet of Things (IoT). As a working paper, it outlines ideas and approaches to improve the situation.
Organization: Broadband Internet Technical Advisory Group (BITAG) Reference: Internet of Things (IoT) Security and Privacy Recommendations Published on: 22 November 2016 Report on the technical aspects of Internet of Things (IoT) security and privacy outlining a number of observations and recommendations.
Organization: Department of Homeland Security (DHS) Reference: Strategic Principles For Securing The Internet Of Things Published on: 15 November 2016 The US Department of Homeland Security (DHS) issued a set of “Strategic Principles for Securing the Internet of Things (IoT), Version 1.0.” These principles highlight approaches and suggested practices to fortify the security of the IoT and will equip stakeholders to make responsible and risk-based security decisions as they design, manufacture, and use internet-connected devices and systems. The purpose of these principles is to provide stakeholders with tools to comprehensively account for security as they develop, manufacture, implement, or use network-connected devices. It...
Organization: Industrial Internet Consortium (IIC) Reference: Industrial Internet Security Framework (IISF) Published on: 26 September 2016 The Industrial Internet Security Framework (IISF) is a cross-industry-focused, comprehensive (173-page) security framework outlining a number of best practices.
Organization: Alliance for Internet of Things Innovation (AIOTI) Reference: High Level Architecture Functional Model Release 2.1 Published on: September 2016 AIOTI WG3 has developed a High Level Architecture (HLA) for IoT. This document provides an initial proposal for a high-level IoT architecture. This document: introduces the use of ISO/IEC/IEEE 42010 by AIOTI WG3; presents a Domain Model and discusses the “thing” in IoT; presents a Functional Model; and links this work with the AIOTI WG3 Semantic Interoperability work and the SDO Landscape work.