IoT Security Foundation Publications

Like any aspect of information security, IoT security is not absolute and can never be guaranteed – it is a journey, not a destination. New vulnerabilities are constantly being discovered, which means there is a need to monitor, maintain and review both policy and practice on a regular basis.

Materials published by IoTSF include contributions from security practitioners, researchers, industrially experienced staff and other relevant sources from IoTSF’s membership and partners. IoTSF has a multi-stage process designed to develop contemporary best practice with a quality assurance peer review prior to publication.

Users of IoT Security Foundation (IoTSF) guidance materials are encouraged to use the latest advice and frameworks available. To maintain and build on our published materials, IoTSF issues releases in a timely manner – consistent with other bodies working in dynamic settings.

IoTSF endeavours to provide fit-for-purpose and up to date guidance. In the spirit of continuous improvement, IoTSF invites feedback from users and third party experts to help make those improvements to our outputs. You can do this simply by emailing us at contact@iotsecurityfoundation.org – please include the document title and “feedback” in your email subject line.

Organisations that follow IoTSF best practices may download and use the Best Practice User Mark on their marketing materials.

Can You Trust Your Smart Building?

DOWNLOAD

About The Can You Trust Your Smart Building? Whitepaper

The whitepaper discusses a number of vulnerabilities that exist in smart buildings and where solutions lie to protect people, assets and business investments.

It is aimed at a broad range of stakeholders that together design, specify, procure, install/integrate, validate, operate and maintain building automation systems (BAS). It is specifically targeted at building owners, facility managers, technology providers, architects and installers.

Read More

IoT Security Reference Architecture For The Healthcare Industry

DOWNLOAD ARCHITECTURE

About the Healthcare IoT Security Reference Architecture

Internet of Things (IoT) products and services have created a significant healthcare opportunity. They offer benefits such as improved diagnosis and treatment, the ability to carry out remote monitoring, and reducing operating costs to counter the rising cost of care. The IoT Security Foundation has published this IoT Security Reference Architecture For The Healthcare Industry to…

Read More

IoT Security Compliance Framework

Release 2.0 – December 2018

DOWNLOAD FRAMEWORK

About the IoT Security Compliance
Framework

The IoT security compliance framework is a comprehensive checklist to guide an organisation through the IoT security assurance process, gathering evidence in a structured manner to demonstrate conformance with best practice.

IoT Security Compliance Questionnaire

Release 2.0 – December 2018

DOWNLOAD QUESTIONNAIRE

About the IoT Security Questionnaire

The IoT Security Compliance Questionnaire is a companion document to the Framework and is used to record evidence of best practice.

See the short video for more.

Secure Design Best Practice Guides

Release 1.2.1 – December 2018

DOWNLOAD GUIDES

About the Secure Design Best Practice Guides

IoT products are permeating every avenue of modern life and are increasingly found in our work places, homes and about our person. Many new entrants are bringing IoT class products into these unregulated markets…

Read More

Vulnerability Disclosure BPG

Release 1.1 – December 2017

DOWNLOAD

About the Vulnerability Disclosure Best Practice Guidelines

The complexity of todays digital systems means that all but the simplest of systems will inevitably have security flaws – this is why PC’s and mobile apps get frequently patched for example. Large or small, all companies are likely…

Read More

HOME IoT Security Architecture and Policy

Release 1 Nov 2018

DOWNLOAD

Hub Based IoT Security Architectures & Policy White Papers

The home IoT whitepaper is intended for OEMs designing devices or smart hubs – as “the Hub” is a key element of the architecture – Service Providers and Retailers, or anyone with responsibilities for ….

Read More

ENTERPRISE IoT Security Architecture and Policy

Release 1 Nov 2018

DOWNLOAD

Hub Based IoT Security Architectures & Policy White Papers

The enterprise IoT whitepaper is intended to illustrate a solution for enterprise environments where businesses are looking for operational and productivity benefits of using IoT. It is intended for chief officers or managers ….

Read More

IoT Cybersecurity: Regulation Ready

FULL Version Nov 2018

DOWNLOAD

The IoT Security Foundation has published an “IoT Cybersecurity: Regulation Ready” white paper to enable organisations to get ahead of the approaching security regulations that will apply throughout the IoT ecosystem…

Read More

IoT Cybersecurity: Regulation Ready

CONCISE Version Nov 2018

DOWNLOAD

The IoT Security Foundation has published an “IoT Cybersecurity: Regulation Ready” white paper to enable organisations to get ahead of the approaching security regulations that will apply throughout the IoT ecosystem…

Read More

Use of Vulnerability Disclosure in Consumer Internet of Things Companies

DOWNLOAD

Status Report Dec 2018: What happens when someone discovers a cyber-security issue in a connected product? How do they tell a company about the problem and how does the problem get fixed?…

Read More