Identity & Access Management for the IoT


Organization: Cloud Security Alliance (CSA)

Reference: Identity and Access Management for the Internet of Things

Published on: 30 September 2015

To help security practitioners ensure the integrity of their IoT deployments, the report details 23 recommendations for implementing IAM for IoT. They are drawn from real-world best practices culled by CSA’s IoT Working Group, along with guidance from a number of other organizations, including the Kantara Initiative, FIDO, and the IETF. These recommendations include:

  • Integrate your IoT implementation into existing IAM and GRC governance frameworks in your organization.
  • Do not deploy IoT resources without changing default passwords for administrative access.
  • Evaluate a move to Identity Relationship Management (IRM) in place of traditional IAM.
  • Design your authentication and authorization schemes based on your system-level threat models.