IoT Security Foundation announces update to the IoT Security Compliance Framework

Also extends best practice guidelines for Connected Consumer Products

Release Date: December 5th 2017

The Internet of Things Security Foundation (IoTSF) announced today that it has updated its industry leading IoT Security Compliance Framework to Release 1.1. The Framework was created by security practitioners and aimed at product developers, manufacturers and supply chain managers. This release details 204 controls across 14 themes that businesses can use to ensure their consumer category products are IoT ready. A companion questionnaire is also supplied and provides a simple mechanism for documenting requirement responses.

IoTSF also extended its best practice guidance for connected consumer products to include logging and software update policy as part of its review.

The framework, questionnaire and best practice guidelines are available to download for free from the IoTSF website. Users are also invited to use the Best Practice User Mark to inform their public that they observe security best practices in their organisations.

Richard Marshall, IoTSF Executive Steering Board member, said “since we published the first version of the Framework it has been downloaded, used and referenced by a wide number of stakeholders. These updates build on the first release and further strengthen the security mechanisms that organisations need to provide. We’ve also added a companion questionnaire to assist businesses in their security risk assessments. As IoT covers a vast number of use cases, the Framework is written in a manner that makes it extensible, and we will add categories beyond its consumer based origins in future releases.”

John Moor, IoTSF Managing Director also commented that “the era of IoT is characterised by hyper-connectivity and software defined products. Ensuring fit for purpose security is recognised as a wicked challenge which requires many stakeholders, and more than technical solutions alone. We are encouraging all organisations that provide or use IoT-class technology to be proactive, and think about their duty of care to their customers and wider society. We’re here to help in that endeavour, and we’re delighted to announce these updates to our publications today. Further, we encourage industry to provide feedback so that we can ensure they are easy to use and stay relevant in the fast-paced world of connected and digital technology.”

The publications can be downloaded direct from the IoTSF website https://www.iotsecurityfoundation.org/best-practice-guidelines/

Release 1.1 of The IoT Security Compliance Framework and Questionairre

Richard Marshall

Richard Marshall “This version builds on the first release and further strengthens the security mechanisms that organisations need to provide.

John Moor

John Moor “We are encouraging all organisations that provide or use IoT-class technology to be proactive, and think about their duty of care”