IoT Security Foundation Publications
Like any aspect of information security, IoT security is not absolute and can never be guaranteed – it is a journey, not a destination. New vulnerabilities are constantly being discovered, which means there is a need to monitor, maintain and review both policy and practice on a regular basis.
Materials published by IoTSF include contributions from security practitioners, researchers, industrially experienced staff and other relevant sources from IoTSF’s membership and partners. IoTSF has a multi-stage process designed to develop contemporary best practice with a quality assurance peer review prior to publication.
Users of IoT Security Foundation (IoTSF) guidance materials are encouraged to use the latest advice and frameworks available. To maintain and build on our published materials, IoTSF issues releases in a timely manner – consistent with other bodies working in dynamic settings.
IoTSF endeavours to provide fit-for-purpose and up-to-date guidance. In the spirit of continuous improvement, IoTSF invites feedback from users and third-party experts to help improve our outputs. You can do this simply by emailing us at contact@iotsecurityfoundation.org – please include the document title and “feedback” in your email subject line.
Organisations that follow IoTSF best practices may download and use the Best Practice User Mark on their marketing materials.
Publications
- IoT Security Assurance Framework
- The Contemporary Use of Vulnerability Disclosure in IoT
- Vulnerability Disclosure Best Practice Guide
- Router and IoT Vulnerabilities: Insecure by Design
- Consumer IoT: Vulnerability Disclosure – Expanding the View into 2021
- Secure Design Best Practice Guides
- Can You Trust Your Smart Building?
- IoT Security Reference Architecture for the Healthcare Industry
- HOME IoT Security Architecture and Policy *FOR OEM’s
- ENTERPRISE IoT Security Architecture and Policy *FOR SECURITY ARCHITECTS
- IoT Cybersecurity: Regulation Ready – Full Version Nov 2018
- IoT Cybersecurity: Regulation Ready – Concise Version Nov 2018
Best Practice User Mark
IoT Security Assurance Framework
Release 3.0, November 2021
About the IoT Security Assurance Framework
The IoT Security Assurance Framework is a practical resource that helps IoT vendors provide fit-for-purpose security…
The Contemporary Use of Vulnerability Disclosure in IoT
Report 4 – November 2021

About The Contemporary Use of Vulnerability Disclosure in IoT
The IoT Security Foundation publishes its 4th report which examines the practice of vulnerability disclosure in Consumer IoT – with an extension into enterprise and the B2B model…
Vulnerability Disclosure BPG
Release 2.0 – September 2021

About the Vulnerability Disclosure Best Practice Guidelines
The complexity of today’s digital systems means that all but the simplest of systems will inevitably have security flaws – this is why PCs and mobile apps are frequently patched, for example. Large or small, all companies are likely…
Secure Design Best Practice Guides
Release 2 – December 2019
About the Secure Design Best Practice Guides
IoT products are permeating every avenue of modern life and are increasingly found in our workplaces, homes and about our person. Many new entrants are bringing IoT class products into these unregulated markets…
Router and IoT Vulnerabilities: Insecure by Design
About The Router and IoT Vulnerabilities: Insecure by Design Whitepaper
This Whitepaper seeks to raise awareness of a fundamental design flaw that has received little attention to date and yet affects many IoT devices and standard Internet routers…
Can You Trust Your Smart Building?
About the Can You Trust Your Smart Building? Whitepaper
The whitepaper discusses a number of vulnerabilities that exist in smart buildings and where solutions lie to protect people, assets and business investments.
IoT Security Reference Architecture for The Healthcare Industry
About the Healthcare IoT Security Reference Architecture
Internet of Things (IoT) products and services have created a significant healthcare opportunity. They offer benefits such as improved diagnosis and treatment, the ability to carry out remote monitoring, and reducing operating costs to counter the rising cost of care…
HOME IoT Security Architecture and Policy
Release 1 Nov 2018
Hub Based IoT Security Architectures & Policy White Papers
The home IoT whitepaper is intended for OEMs designing devices or smart hubs – as “the Hub” is a key element of the architecture – Service Providers and Retailers, or anyone with responsibilities for …
ENTERPRISE IoT Security Architecture and Policy
Release 1 Nov 2018
Hub Based IoT Security Architectures & Policy White Papers
The enterprise IoT whitepaper is intended to illustrate a solution for enterprise environments where businesses are looking for operational and productivity benefits of using IoT. It is intended for chief officers or managers …
IoT Cybersecurity: Regulation Ready
FULL Version Nov 2018
The IoT Security Foundation has published an “IoT Cybersecurity: Regulation Ready” white paper to enable organisations to get ahead of the approaching security regulations that will apply throughout the IoT ecosystem…
IoT Cybersecurity: Regulation Ready
CONCISE Version Nov 2018
The IoT Security Foundation has published an “IoT Cybersecurity: Regulation Ready” white paper to enable organisations to get ahead of the approaching security regulations that will apply throughout the IoT ecosystem…