Organization: IoT Security Foundation (IoTSF)
Reference: Establishing Principles for Internet of Things Security
Published on: 22 September 2015
High-level IoT security principles (16-pages)
Organization: Online Trust Alliance (OTA)
Reference: OTA – IoT Trust Framework (V2.0)
Published on: Latest Update: 4 May 2017 Initially published: 5 January 2017
The IoT Trust Framework includes a set strategic principles to help secure IOT devices and their data when shipped and throughout their entire life-cycle. Through a consensus driven multi-stakeholder process, key principles have been identified for connected home, work and wearable technologies including toys and fitness devices. The Framework outlines mandatory requirements including comprehensive and security patching post warranty.
Organization: Broadband Internet Technical Advisory Group (BITAG)
Reference: Internet of Things (IoT) Security and Privacy Recommendations
Published on: 22 November 2016
Report on the technical aspects of Internet of Things (IoT) security and privacy outlining a number of observations and recommendations.
Organization: IoT Alliance Australia (IoTAA)
Reference: Internet of Things Security Guideline V1.2
Published on: November 2017
The purpose of the Internet of Things Security Guideline is to provide comprehensive, top-level guidance to:
promote a ‘security by design’ approach to IoT;
assist industry to understand the practical application of security and privacy for IoT device use;
be utilised by the IoT industry and digital service providers which use or provide support services for IoT deployments; and
assist industry to understand some of the relevant legislation around privacy and security.
Organization: Open Web Application Security Project (OWASP)
Reference: IoT Security Guidance
Published on: 14 February 2017
Basic list of fundamentals. Consists of:
Manufacturer IoT Security Guidance
Developer IoT Security Guidance
Consumer IoT Security Guidance
Organization: Open Web Application Security Project (OWASP)
Reference: Principles of IoT Security
Published on: 14 May 2016
16 high-level principles of IoT security.
Organization: GSMA
Reference: IoT Security Guidelines
Published on: Latest Update on 31 October 2017 V2.0. Published on 9 February 2016
IoT Security Guidelines is a comprehensive set of best practices promoting the secure end-to-end design, development and deployment of IoT solutions. Aimed for mobile service providers who are looking to develop new IoT products and services. Target audience: IoT Service Providers, IoT Device Manufacturers, IoT Developers, Mobile Network Operators. GSMA provides a set of documents which includes:
IoT Security Guidelines for Service Ecosystem
IoT Security Guidelines for Endpoint Ecosystem
IoT Security Guidelines for Network Operators
Organization: IoT Alliance Australia (IoTAA)
Reference: Internet of Things Security Guideline V1.0
Published on: 23 February 2017
The purpose of the Internet of Things Security Guideline is to provide comprehensive, top-level guidance to:
promote a ‘security by design’ approach to IoT;
assist industry to understand the practical application of security and privacy for IoT device use;
be utilised by the IoT industry and digital service providers which use or provide support services for IoT deployments; and
assist industry to understand some of the relevant legislation around privacy and security.
Organization: AT&T
Reference: The CEO's Guide to Securing the Internet of Things
Published on: 2016
The document provides a strategic framework for securing the IoT, crafted from the work AT&T is doing with customers across many industries — as well as with their own IoT deployments.
Organization: GSMA
Reference: IoT Security Assessment
Published on: October 2017
The GSMA IoT Security Assessment provides a flexible framework that addresses the diversity of the IoT market, enabling companies to build secure IoT devices and solutions as laid out in the GSMA IoT Security Guidelines, a comprehensive set of best practices promoting the secure end-to-end design, development and deployment of IoT solutions.
Organization: Microsoft
Reference: Internet of Things security best practices
Published on: 3 July 2017
To secure an Internet of Things (IoT) infrastructure requires a rigorous security-in-depth strategy. This strategy requires you to secure data in the cloud, protect data integrity while in transit over the public internet, and securely provision devices. Each layer builds greater security assurance in the overall infrastructure.
Organization: Internet of Things - Architecture
Reference: Architectural Reference Model for the IoT v3.0
Published on: 15 July 2013
IoT-A, the European Lighthouse Integrated Project created the proposed architectural reference model together with the definition of an initial set of key building blocks. Together they are envisioned as foundations for fostering the emerging Internet of Things. Using an experimental paradigm, IoT-A combined top-down reasoning about architectural principles and design guidelines with simulation and prototyping in exploring the technical consequences of architectural design choices.
Organization: National Institute of Standards and Technology (NIST)
Reference: SP800-53 Security and Privacy Controls for Information Systems and Organizations - Revision 5 (Draft)
Published on: August 2017
NIST Special Publication 800-53 Security and Privacy Controls for Information Systems and Organizations is a comprehensive catalog of security controls developed for use with all U.S. federal information systems. Because of it's comprehensiveness, it became one of the key references for information systems security in other governments around the globe as well as businesses.
In the public draft release of the latest revision (Revision 5) of the SP800-53, the U.S. National Institute of Standards and...
Organization: National Institute of Standards and Technology (NIST)
Reference: SP800-183 Network of 'Things'
Published on: July 2016
SP 800-183 offers an underlying and foundational understanding of the Internet of Things (IoT) based on the realization that IoT involves sensing, computing, communication, and actuation. The material presented here is generic to all distributed systems that employ IoT technologies (i.e., ‘things’ and networks). By having an understanding as to what IoT represents, building IoT-based systems and researching security and reliability concerns of IoT can be accelerated. SP 800-183 is targeted at computer scientists, IT managers, networking specialists, and networking and cloud computing software...
Organization: NCC Group
Reference: Security of Things: An Implementers Guide to Cyber Security for Internet of Things devices and beyond
Published on: 8 April 2014
The paper takes the reader through a typical IoT product development life-cycle and associated business discussions highlighting the security and privacy impacting areas and decisions that should be considered, why they should be and the potential ramifications if not. In addition for those less experienced in secure hardware and software development lifecycles we also provide a matter of fact look at some of the challenges along the way. At a high-level the paper covers in its 35...