Make it Safe to Connect

What do you get from IoT Security Foundation publications?

  • Triple-A Guidance: Accessible, Authoritative, Actionable
  • Reduce your Cyber Risk: Improve Your Safety and Security Posture
  • Free to Download: No Registration Required

Securing IoT is more than just technical solutions; it requires knowledgeable people, sound processes, and fit-for-purpose tech. IoT security is constantly evolving, with new vulnerabilities discovered regularly, making it a journey, not a destination. Your security posture is determined by how you address this dynamic, adjusting your risk profile and investment decisions. The IoT Security Foundation champions better security, reducing common risk, lowering costs and business liability, increasing confidence and enabling markets for societal and economic benefit.

If you like what we do, please consider supporting us by becoming a member or sponsoring our activity. As a not-for-profit, we cannot do what we do without the support of our members and patrons – it’s cost-effective and a healthy investment for all.

John Moor, Managing Director IoTSF

IoT Security Foundation Publications

You can download our publications for free – without registration.

We encourage you to reference, share and help others find them. 

Materials published by IoTSF include contributions from security practitioners, researchers, industrially experienced staff and other relevant sources from IoTSF’s membership and partners. IoTSF has a multi-stage process designed to develop contemporary best practice with a quality assurance peer review prior to publication.

Users of IoT Security Foundation (IoTSF) guidance materials are encouraged to use the latest advice and frameworks available. To maintain and build on our published materials, IoTSF issues releases in a timely manner – a known good practice in dynamic settings.

IoTSF endeavours to provide fit-for-purpose and up to date guidance. In the spirit of continuous improvement, IoTSF invites feedback from users and third party experts to help make those improvements to our outputs. You can do this simply by emailing us at [email protected] – please include the document title and “feedback” in your email subject line.

The State of Vulnerability Disclosure Policy (VDP) Usage in Global Consumer IoT in 2023

Report 6 – November 2023

About The State of Vulnerability Disclosure Policy (VDP) Usage in Global Consumer IoT in 2023

The IoT Security Foundation has published its latest influential research report which monitors the security management behaviour of consumer IoT product companies…

Read More

IoT Cybersecurity for Facilities Professionals

Release 1.0, March 2023

About the guide

The advent of new technologies means our world has become increasingly digital. In recent years, this has included the introduction of new ‘smart’ and ‘connected’ technologies…

Read More

IoT Security Assurance Framework

Release 3.0, November 2021

About the IoT Security Assurance Framework

The IoT Security Assurance Framework is a practical resource that helps IoT vendors provide fit-for-purpose security…

Read More

Software Bills of Materials for IoT and OT Devices

Release 1.1.0 – Feb 2023

About the Whitepaper

Regulators in many domains have begun to look seriously at software vendors’ and operators’ management of supply chain risks. Recent software-related events have woken them up to modern software supply chains leaving connected systems highly vulnerable to attack, so they are making new rules.

Read More

Securing the Internet of Things Supply Chain Whitepaper

Release 1.0.0 – June 2022

About the Whitepaper

Whilst much has been written about software supply chains, hardware supply chains and cybersecurity in recent times, this paper considers the key combinations that make up the IoT cybersecurity supply network, in finer detail….

Read More

Secure Design Best Practice Guides

Release 2 – December 2019

About the Secure Design Best Practice Guides

IoT products are permeating every avenue of modern life and are increasingly found in our workplaces, homes and about our person. Many new entrants are bringing IoT class products into these unregulated markets…

Read More

Vulnerability Disclosure BPG

Release 2.0 – September 2021

About the Vulnerability Disclosure Best Practice Guidelines

The complexity of todays digital systems means that all but the simplest of systems will inevitably have security flaws – this is why PC’s and mobile apps get frequently patched for example. Large or small, all companies are likely…

Read More

Router and IoT Vulnerabilities: Insecure by Design

About The Router and IoT Vulnerabilities: Insecure by Design Whitepaper

This Whitepaper seeks to raise awareness of a fundamental design flaw that has received little attention to date and yet affects many IoT devices and standard Internet routers…

Read More

Can You Trust Your Smart Building?

About the Can You Trust Your Smart Building? Whitepaper

The whitepaper discusses a number of vulnerabilities that exist in smart buildings and where solutions lie to protect people, assets and business investments.

Read More

IoT Security Reference Architecture for The Healthcare Industry

About the Healthcare IoT Security Reference Architecture

Internet of Things (IoT) products and services have created a significant healthcare opportunity. They offer benefits such as improved diagnosis and treatment, the ability to carry out remote monitoring, and reducing operating costs to counter the rising cost of care…

Read More

HOME IoT Security Architecture and Policy

Release 1 Nov 2018

Hub Based IoT Security Architectures & Policy White Papers

The home IoT whitepaper is intended for OEMs designing devices or smart hubs – as “the Hub” is a key element of the architecture – Service Providers and Retailers, or anyone with responsibilities for ….

Read More

ENTERPRISE IoT Security Architecture and Policy

Release 1 Nov 2018

Hub Based IoT Security Architectures & Policy White Papers

The enterprise IoT whitepaper is intended to illustrate a solution for enterprise environments where businesses are looking for operational and productivity benefits of using IoT. It is intended for chief officers or managers ….

Read More

IoT Cybersecurity: Regulation Ready

FULL Version Nov 2018

About the Whitepaper

The IoT Security Foundation has published an “IoT Cybersecurity: Regulation Ready” white paper to enable organisations to get ahead of the approaching security regulations that will apply throughout the IoT ecosystem…

Read More

IoT Cybersecurity: Regulation Ready

CONCISE Version Nov 2018

About the Whitepaper

The IoT Security Foundation has published an “IoT Cybersecurity: Regulation Ready” white paper to enable organisations to get ahead of the approaching security regulations that will apply throughout the IoT ecosystem…

Read More