Organization: Cloud Security Alliance (CSA)
Reference: Identity and Access Management for the Internet of Things
Published on: 30 September 2015
To help security practitioners ensure the integrity of their IoT deployments, the report details 23 recommendations for implementing IAM for IoT which are drawn from real-world best practices culled by CSA’s IoT Working Group along with guidance from a number of other organizations including the Kantara Initiative, FIDO, and the IETF. Some of these recommendations include:
- Integrate your IoT implementation into existing IAM and GRC governance frameworks in your organization.
- Do not deploy IoT resources without changing default passwords for administrative access.
- Evaluate a move to Identity Relationship Management (IRM) in place of traditional IAM.
- Design your authentication and authorization schemes based on your system-level threat models.
