About IoTSF Publications

Like any aspect of information security, IoT security is not absolute and can never be guaranteed. New vulnerabilities are constantly being discovered, which means there is a need to monitor, maintain and review both policy and practice on a regular basis.

bpg-publications-imageUsers of IoT Security Foundation (IoTSF) guidance materials are encouraged to use the latest advice and frameworks available. To maintain and build on our published materials, IoTSF issues releases in a timely manner – consistent with other bodies working in dynamic settings.

Documents published by the IoTSF are therefore subject to regular review and may be updated or subject to change at any time. The current status of IoTSF publications, can be found on this website and users are encouraged to check back for current releases on a regular basis.

IoTSF will make new releases public in appropriate ways such as press releases, bulletins and this website.

IoTSF endeavours to provide fit-for-purpose and up to date guidance. In the spirit of continuous improvement, IoTSF invites feedback from users and third party experts to help make those improvements to our outputs. You can do this simply by emailing us at contact@iotsecurityfoundation.org – please include the document title and “feedback” in your email subject line.

Organisations that follow IoTSF best practices may download and use the Best Practice User mark on their marketing materials.

IoT Security Compliance Framework


About the IoT Security Compliance

The IoT security compliance framework is a comprehensive checklist to guide an organisation through the IoT security assurance process, gathering evidence in a structured manner to demonstrate conformance with best practice…

Read More

IoT Security Compliance Questionnaire


About the IoT Security Questionnaire

The IoT Security Compliance Questionnaire is a companion document to the Framework and is used to record evidence of best practice.

See the short video for more.

Connected Consumer Products BPG


About the Connected Consumer Best Practice Guidelines

IoT products are permeating every avenue of modern life and increasing found in our work places, homes and about our person. Many new entrants are bringing IoT class products into these unregulated markets…

Read More

Vulnerability Disclosure BPG


About the Vulnerability Disclosure Best Practice Guidelines

The complexity of todays digital systems means that all but the simplest of systems will inevitably have security flaws – this is why PC’s and mobile apps get frequently patched for example. Large or small, all companies are likely…

Read More

Hub based approach for Home IoT


Hub Based IoT Security Architectures & Policy White Papers

The home IoT whitepaper is intended for OEMs designing devices or smart hubs – as “the Hub” is a key element of the architecture – Service Providers and Retailers, or anyone with responsibilities for ….

Read More

Hub based approach for Enterprise IoT


Hub Based IoT Security Architectures & Policy White Papers

The enterprise IoT whitepaper is intended to illustrate a solution for enterprise environments where businesses are looking for operational and productivity benefits of using IoT. It is intended for chief officers or managers ….

Read More