IoTSF – Best Practice Guidelines for Connected Consumer Products
Organization: IoT Security Foundation (IoTSF)
Reference: Best Practice Guidelines for Connected Consumer Products
Published on: 6 December 2016
The Connected Consumer Products best practice guide provides clear advice for firms that are bringing IoT class products to market. The guidelines cover the most important security elements to consider when designing a product such as application security, encryption, network connections and software updates. The guidelines take a practical approach and provide a comprehensive overview of the subject matter with additional in-depth materials supplied online.
AIOTI - High Level Architecture Functional Model
Organization: Alliance for Internet of Things Innovation (AIOTI)
Reference: High Level Architecture Functional Model Release 2.1
Published on: September 2016
AIOTI WG3 has developed a High Level Architecture (HLA) for IoT. This document provides an initial proposal for a high-level IoT architecture. This document: introduces the use of ISO/IEC/IEEE 42010 by AIOTI WG3; presents a Domain Model and discusses the “thing” in IoT; presents a Functional Model; and links this work with the AIOTI WG3 Semantic Interoperability work and the SDO Landscape work.
oneM2M – Release 2 Specifications Security Technical Report
Organization: oneM2M
Reference: Release 2 Specifications, which include the Security Technical Report
Published on: 30 August 2016
Standard for M2M deployment covering requirements, architecture, API specifications, security solutions and mapping to common industry protocols such as CoAP, MQTT and HTTP.
OTA – IoT Trust Framework
Organization: Online Trust Alliance (OTA)
Reference: OTA – IoT Trust Framework (V2.0)
Published on: 5 January 2017 (latest update: 4 May 2017)
The IoT Trust Framework includes a set of strategic principles to help secure IoT devices and their data when shipped and throughout their entire life-cycle. Through a consensus-driven multi-stakeholder process, key principles have been identified for connected home, work and wearable technologies including toys and fitness devices. The Framework outlines mandatory requirements including comprehensive and security patching post warranty.
AT&T - The CEO's Guide to Securing the Internet of Things
Organization: AT&T
Reference: The CEO's Guide to Securing the Internet of Things
Published on: 2016
The document provides a strategic framework for securing the IoT, crafted from the work AT&T is doing with customers across many industries — as well as with their own IoT deployments.
IoTSF - Establishing Principles for Internet of Things Security
Organization: IoT Security Foundation (IoTSF)
Reference: Establishing Principles for Internet of Things Security
Published on: 22 September 2015
High-level IoT security principles (16 pages).
IoTAA - Internet of Things Security Guidelines
Organization: IoT Alliance Australia (IoTAA)
Reference: Internet of Things Security Guideline V1.2
Published on: November 2017
The purpose of the Internet of Things Security Guideline is to provide comprehensive, top-level guidance to: promote a ‘security by design’ approach to IoT; assist industry to understand the practical application of security and privacy for IoT device use; be utilised by the IoT industry and digital service providers which use or provide support services for IoT deployments; and assist industry to understand some of the relevant legislation around privacy and security.
CSA – Identity and Access Management for the Internet of Things
Organization: Cloud Security Alliance (CSA)
Reference: Identity and Access Management for the Internet of Things
Published on: 30 September 2015
To help security practitioners ensure the integrity of their IoT deployments, the report details 23 recommendations for implementing IAM for IoT which are drawn from real-world best practices culled by CSA’s IoT Working Group along with guidance from a number of other organizations including the Kantara Initiative, FIDO, and the IETF. Some of these recommendations include: Integrate your IoT implementation into existing IAM and GRC governance frameworks in your organization. Do not deploy IoT resources without changing default passwords for administrative access. Evaluate a move...
ENISA Baseline Security Recommendations for IoT
Organization: European Union Agency for Network and Information Security (ENISA)
Reference: Baseline Security Recommendations for IoT
Published on: 20 November 2017
The study, titled ‘Baseline Security Recommendations for Internet of Things in the context of critical information infrastructures’, aims to set the scene for IoT security in Europe. It serves as a reference point in this field and as a foundation for relevant forthcoming initiatives and developments.
Symantec – Security Reference Architecture for the Internet of Things (IoT)
Organization: Symantec
Reference: Security Reference Architecture for the Internet of Things (IoT)
Published on: 17 September 2015
This paper describes a powerful and easy-to-deploy architecture for mitigating the vast majority of security threats to the Internet of Things, including advanced and sophisticated threats. The architecture rests on five fundamental tenets:
Tenet 1: A Strong Trust Model for IoT
Tenet 2: Protecting the Code that Drives IoT
Tenet 3: Safely and Effectively Managing IoT
Tenet 4: Effective Host-Based Protection for IoT
Tenet 5: Security Analytics to Address Threats Beyond the Above Countermeasures
NIST - SP800-183 Networks of Things
Organization: National Institute of Standards and Technology (NIST)
Reference: SP800-183 Network of 'Things'
Published on: July 2016
SP 800-183 offers an underlying and foundational understanding of the Internet of Things (IoT) based on the realization that IoT involves sensing, computing, communication, and actuation. The material presented here is generic to all distributed systems that employ IoT technologies (i.e., ‘things’ and networks). By having an understanding as to what IoT represents, building IoT-based systems and researching security and reliability concerns of IoT can be accelerated. SP 800-183 is targeted at computer scientists, IT managers, networking specialists, and networking and cloud computing software...
OWASP – Principles of IoT Security
Organization: Open Web Application Security Project (OWASP)
Reference: Principles of IoT Security
Published on: 14 May 2016
16 high-level principles of IoT security.
IoTSF – Vulnerability Disclosure Best Practice Guidelines
Organization: IoT Security Foundation (IoTSF)
Reference: Vulnerability Disclosure Best Practice Guidelines
Published on: 6 December 2016
The Connected Consumer Products best practice guide provides clear advice for firms that are bringing IoT class products to market. The guidelines cover the most important security elements to consider when designing a product such as application security, encryption, network connections and software updates. The guidelines take a practical approach and provide a comprehensive overview of the subject matter with additional in-depth materials supplied online.
IoTAA - Internet of Things Security Guidelines
Organization: IoT Alliance Australia (IoTAA)
Reference: Internet of Things Security Guideline V1.0
Published on: 23 February 2017
The purpose of the Internet of Things Security Guideline is to provide comprehensive, top-level guidance to: promote a ‘security by design’ approach to IoT; assist industry to understand the practical application of security and privacy for IoT device use; be utilised by the IoT industry and digital service providers which use or provide support services for IoT deployments; and assist industry to understand some of the relevant legislation around privacy and security.
GSMA IoT Security Guidelines
Organization: GSMA
Reference: IoT Security Guidelines
Published on: 9 February 2016 (latest update: V2.0, 31 October 2017)
IoT Security Guidelines is a comprehensive set of best practices promoting the secure end-to-end design, development and deployment of IoT solutions. It is aimed at mobile service providers who are looking to develop new IoT products and services. Target audience: IoT Service Providers, IoT Device Manufacturers, IoT Developers, Mobile Network Operators. GSMA provides a set of documents which includes: IoT Security Guidelines for Service Ecosystem; IoT Security Guidelines for Endpoint Ecosystem; and IoT Security Guidelines for Network Operators.