Organization: IoT Security Foundation (IoTSF) Reference: IoT Security Compliance Framework Published on: 6 December 2016 The framework provides a comprehensive and practical checklist to guide organisations through a security assuring process. It offers a methodical approach to determining an organisation’s unique security posture for both business processes and technical requirements. The framework is intended to be used by key staff such as senior management, technical, manufacturing and logistics from producer companies, yet it could also be used by purchasers to assess suppliers. The framework is designed to be generally applicable and extendable with release 1.0 targeted at the consumer product category. Follow-on...
Organization: IoTiap Reference: Principles, Practices and a Prescription for Responsible IoT and Embedded Systems Development Published on: 2 December 2016 This document addresses security challenges related to the Internet of Things (IoT). As a working paper, it outlines ideas and approaches to improve the situation.
Organization: European Union Agency for Network and Information Security (ENISA) Reference: Cyber security and resilience for Smart Hospitals Published on: 24 November 2016 This study proposes key recommendations for hospital information security executives and industry to enhance the level of information security in Smart Hospitals. Through the identification of assets and the related threats when IoT components are supporting a healthcare organisation, the report describes the Smart Hospital ecosystem and its specific objectives. Based on the analysis of documents and empirical data, and the detailed examination of attack scenarios found to be particularly relevant for smart hospitals, this document identifies mitigation techniques...
Organization: Broadband Internet Technical Advisory Group (BITAG) Reference: Internet of Things (IoT) Security and Privacy Recommendations Published on: 22 November 2016 Report on the technical aspects of Internet of Things (IoT) security and privacy outlining a number of observations and recommendations.
Organization: National Institute of Standards and Technology, U.S. Department of Commerce (NIST) Reference: Systems Security Engineering – NIST SP 800-160 Published on: November 2016 NIST issued the final draft of the new guidance Special Publication 800-160 “Systems Security Engineering – Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems”. The guidelines are intended to help determine the security of IoT devices and assign a level of trustworthiness to each. From the publication Abstract: With the continuing frequency, intensity, and adverse consequences of cyber-attacks, disruptions, hazards, and other threats to federal, state, and local governments, the military, businesses, and the critical...
Organization: Department of Homeland Security (DHS) Reference: Strategic Principles For Securing The Internet Of Things Published on: 15 November 2016 US Department of Homeland Security (DHS) issued a set of “Strategic Principles for Securing the Internet of Things (IoT), Version 1.0.” These principles highlight approaches and suggested practices to fortify the security of the IoT and will equip stakeholders to make responsible and risk-based security decisions as they design, manufacture, and use internet-connected devices and systems. The purpose of these principles is to provide stakeholders with tools to comprehensively account for security as they develop, manufacture, implement, or use network-connected devices. It...
Organization: Cloud Security Alliance (CSA) Reference: Future Proofing the Connected World – 13 Steps to Developing Secure IoT Products Published on: 7 October 2016 80-page guidance on development of secure IoT products released by the IoT Working Group of CSA.
Organization: Industrial Internet Consortium (IIC) Reference: Industrial Internet Security Framework (IISF) Published on: 26 September 2016 The Industrial Internet Security Framework (IISF) is a cross-industry-focused, comprehensive (173 pages) security framework outlining a number of best practices.
Organization: Alliance for Internet of Things Innovation (AIOTI) Reference: High Level Architecture Functional Model Release 2.1 Published on: September 2016 AIOTI WG3 has developed a High Level Architecture (HLA) for IoT. This document provides an initial proposal for a high-level IoT architecture. This document: introduces the use of ISO/IEC/IEEE 42010 by AIOTI WG3; presents a Domain Model and discusses the “thing” in IoT; presents a Functional Model; and links this work with the AIOTI WG3 Semantic Interoperability work and the SDO Landscape work.
Organization: International Organization for Standardization (ISO) Reference: CD 30141 Internet of Things Reference Architecture (IoT RA) (Committee Draft) Published on: 10 September 2016 This document provides a standardized IoT reference architecture using a common vocabulary, reusable designs and industry best practices. It uses a top-down approach, beginning with collecting the most important characteristics of IoT, abstracting those into a generic IoT conceptual model, deriving from the conceptual model to a high-level system-based reference model and then breaking down from reference model to the five architecture views (functional view, system view, user view, information view and communication view)...
Organization: oneM2M Reference: Release 2 Specifications Within Release 2 Specifications the Functional Architecture is here Published on: 30 August 2016 Reference for M2M development.
Organization: oneM2M Reference: Release 2 Specifications Within Release 2 Specifications the Security Technical Report is here Published on: 30 August 2016 Standard for M2M deployment covering requirements, architecture, API specifications, security solutions and mapping to common industry protocols such as CoAP, MQTT and HTTP.
Organization: Z-Wave Reference: S2 Security Framework Published on: August 2016 Introduction to the new Security 2 (S2) framework for smart home devices and controllers, gateways and hubs.
Organization: Automotive Information Sharing and Analysis Center (Auto-ISAC) Reference: Automotive Cybersecurity Best Practices Published on: 21 July 2016 The Best Practices cover organizational and technical aspects of vehicle cybersecurity, including governance, risk management, security by design, threat detection, incident response, training, and collaboration with appropriate third parties.
Organization: National Institute of Standards and Technology (NIST) Reference: SP800-183 Network of 'Things' Published on: July 2016 SP 800-183 offers an underlying and foundational understanding of the Internet of Things (IoT) based on the realization that IoT involves sensing, computing, communication, and actuation. The material presented here is generic to all distributed systems that employ IoT technologies (i.e., ‘things’ and networks). By having an understanding as to what IoT represents, building IoT-based systems and researching security and reliability concerns of IoT can be accelerated. SP 800-183 is targeted at computer scientists, IT managers, networking specialists, and networking and cloud computing software...