Tag: NEWS
Organization: European Union Agency for Network and Information Security (ENISA)
Reference: Baseline Security Recommendations for IoT
Published on: 20 November 2017
The study, titled ‘Baseline Security Recommendations for Internet of Things in the context of critical information infrastructures’, aims to set the scene for IoT security in Europe. It serves as a reference point in this field and as a foundation for relevant forthcoming initiatives and developments.
Organization: IoT Alliance Australia (IoTAA)
Reference: Internet of Things Security Guideline V1.2
Published on: November 2017
The purpose of the Internet of Things Security Guideline is to provide comprehensive, top-level guidance to:
promote a ‘security by design’ approach to IoT;
assist industry to understand the practical application of security and privacy for IoT device use;
be utilised by the IoT industry and digital service providers which use or provide support services for IoT deployments; and
assist industry to understand some of the relevant legislation around privacy and security.
Organization: GSMA
Reference: IoT Security Guidelines
Published on: 9 February 2016; latest update (V2.0) on 31 October 2017
IoT Security Guidelines is a comprehensive set of best practices promoting the secure end-to-end design, development and deployment of IoT solutions. It is aimed at mobile service providers who are looking to develop new IoT products and services. Target audience: IoT Service Providers, IoT Device Manufacturers, IoT Developers, Mobile Network Operators. GSMA provides a set of documents which includes:
IoT Security Guidelines for Service Ecosystem
IoT Security Guidelines for Endpoint Ecosystem
IoT Security Guidelines for Network Operators
Organization: The Internet Engineering Task Force (IETF)
Reference: A Firmware Update Architecture for Internet of Things Devices (Draft)
Published on: 30 October 2017
Vulnerabilities in IoT devices have raised the need for a solid and secure firmware update mechanism that is also suitable for constrained devices. Security experts recommend incorporating such an update mechanism to fix vulnerabilities, update configuration settings and add new functionality.
This document specifies requirements and an architecture for a firmware update mechanism aimed at Internet of Things (IoT) devices. The architecture is agnostic to the transport of the firmware images and associated meta-data.
This version of...
Organization: GSMA
Reference: IoT Security Assessment
Published on: October 2017
The GSMA IoT Security Assessment provides a flexible framework that addresses the diversity of the IoT market, enabling companies to build secure IoT devices and solutions as laid out in the GSMA IoT Security Guidelines, a comprehensive set of best practices promoting the secure end-to-end design, development and deployment of IoT solutions.
Organization: National Institute of Standards and Technology (NIST)
Reference: SP800-53 Security and Privacy Controls for Information Systems and Organizations - Revision 5 (Draft)
Published on: August 2017
NIST Special Publication 800-53 Security and Privacy Controls for Information Systems and Organizations is a comprehensive catalog of security controls developed for use with all U.S. federal information systems. Because of its comprehensiveness, it became one of the key references for information systems security for other governments around the globe as well as for businesses.
In the public draft release of the latest revision (Revision 5) of the SP800-53, the U.S. National Institute of Standards and...
Organization: UK Department for Transport, Centre for the Protection of National Infrastructure, and Centre for Connected and Autonomous
Reference: Principles of cyber security for connected and automated vehicles
Published on: 6 August 2017
As vehicles continue to become smarter, it’s crucial that we take the correct steps to make them cyber secure.
The 8 principles in this guidance set out how the automotive sector can make sure cyber security is properly considered at every level, from designers and engineers, through to suppliers and senior level executives.
The quick start guide to vehicle cyber security lists the 8 principles:
organisational security is owned, governed and...
Organization: New York City
Reference: Guidelines for the Internet of Things
Published on: 14 July 2017
These guidelines provide a framework to help government and our partners responsibly deploy connected devices and IoT technologies in a coordinated and consistent manner. More than 35 leading cities, spanning 11 countries, have now joined New York City in this effort.
Organization: Microsoft
Reference: Internet of Things security best practices
Published on: 3 July 2017
Securing an Internet of Things (IoT) infrastructure requires a rigorous security-in-depth strategy. This strategy requires you to secure data in the cloud, protect data integrity while in transit over the public internet, and securely provision devices. Each layer builds greater security assurance in the overall infrastructure.
Organization: Microsoft
Reference: Internet of Things security architecture
Published on: 3 July 2017
When designing a system, it is important to understand the potential threats to that system, and add appropriate defenses accordingly, as the system is designed and architected. It is particularly important to design the product from the start with security in mind because understanding how an attacker might be able to compromise a system helps make sure appropriate mitigations are in place from the beginning.
Organization: The Internet Engineering Task Force (IETF)
Reference: Best Current Practices for Securing Internet of Things (IoT) Devices (Draft)
Published on: 3 July 2017
In recent years, embedded computing devices have increasingly been provided with Internet interfaces, and the typically-weak network security of such devices has become a challenge for the Internet infrastructure. This document lists a number of minimum requirements that vendors of Internet of Things (IoT) devices need to take into account during development and when producing firmware updates, in order to reduce the frequency and severity of security incidents in which such devices are implicated.
Organization: IoT Alliance Australia (IoTAA)
Reference: Internet of Things Security Guideline V1.0
Published on: 23 February 2017
The purpose of the Internet of Things Security Guideline is to provide comprehensive, top-level guidance to:
promote a ‘security by design’ approach to IoT;
assist industry to understand the practical application of security and privacy for IoT device use;
be utilised by the IoT industry and digital service providers which use or provide support services for IoT deployments; and
assist industry to understand some of the relevant legislation around privacy and security.
Organization: Open Web Application Security Project (OWASP)
Reference: IoT Security Guidance
Published on: 14 February 2017
Basic list of fundamentals. Consists of:
Manufacturer IoT Security Guidance
Developer IoT Security Guidance
Consumer IoT Security Guidance
Organization: Online Trust Alliance (OTA)
Reference: OTA – IoT Trust Framework (V2.0)
Published on: 5 January 2017; latest update: 4 May 2017
The IoT Trust Framework includes a set of strategic principles to help secure IoT devices and their data when shipped and throughout their entire life-cycle. Through a consensus-driven multi-stakeholder process, key principles have been identified for connected home, work and wearable technologies including toys and fitness devices. The Framework outlines mandatory requirements including comprehensive and security patching post warranty.
Organization: US Food and Drug Administration (FDA)
Reference: Postmarket Management of Cybersecurity in Medical Devices
Published on: 28 December 2016
Final version of the guidance informing industry and the FDA staff of the Agency’s recommendations for managing postmarket cybersecurity vulnerabilities for marketed and distributed medical devices.