Simple list of resources for IoT security practitioners.

This is a living list – please drop us a line if you’d like to suggest additions.

• 5 eyes Statement of Intent regarding the security of the Internet of Things (July 2019) – Australia, Canada, New Zealand, the United Kingdom and the United States: https://www.gov.uk/government/publications/five-country-ministerial-communique/statement-of-intent-regarding-the-security-of-the-internet-of-things
• Australia Draft Code of Practice – Securing the Internet of Things for Consumers: https://www.homeaffairs.gov.au/reports-and-pubs/files/code-of-practice.pdf
• Broadband Internet Technical Advisory Group (BITAG): http://www.bitag.org/documents/BITAG_Report_-_Internet_of_Things_(IoT)_Security_and_Privacy_Recommendations.pdf
• Cloud Security Alliance (CSA): Future-proofing the connected world: 13 steps  to Developing Secure IoT Products: https://downloads.cloudsecurityalliance.org/assets/research/internet-of-things/future-proofing-the-connected-world.pdf
• Copper Horse Solutions: Mapping Security & Privacy in the Internet of Things
• Carnegie Melon University: IoT Security and Privacy Label
• Cybersecurity Agency of Singapore (CSA) – IoT Consumer Labelling Scheme: https://www.csa.gov.sg/programmes/cybersecurity-labelling
• European Union Agency for Network and Information Security (ENISA) – Baseline Security Recommendations for Internet of Things: https://www.enisa.europa.eu/publications/baseline-security-recommendations-for-iot/at_download/fullReport
• ETSI TS 103 645 technical specification cybersecurity for consumer IoT
• ETSI standard EN 303 645 Cyber Security for Consumer Internet of Things and TS 103 701 Conformance Assessment of Baseline Requirements
• EU Cyber Security Act (CSA) and Framework: https://ec.europa.eu/digital-single-market/en/eu-cybersecurity-act
• Finland Cybersecurity Label based on ETSI 303 645: https://www.kyberturvallisuuskeskus.fi/en/news/finland-becomes-first-european-country-certify-safe-smart-devices-new-cybersecurity-label
• GSM Association (GSMA): IoT Security Guidelines: http://www.gsma.com/connectedliving/future-iot-networks/iot-security-guidelines/
• I Am The Cavalry: Five Star Automotive Cyber Safety Framework
• I Am The Cavalry: Hippocratic Oath for Connected Medical Devices
• IEEE
• IETF: State of the Art and Challenges for IoT Security
• IETF: Best Current Practices for Securing Internet of Things (IoT) Devices draft-moore-iot-security-bcp-01
• India: Code of Practice for Securing Consumer Internet of Things (IoT) TEC 31318:2021
• Industrial Internet Consortium: Industrial Internet Security Framework: http://www.iiconsortium.org/IISF.htm
• IoT Alliance Australia: IoT Security Awareness Guides  Providers /  Users / Trustmark
• IoT Security Foundation: Whitepaper: Establishing Principles for IoT Security: https://www.iotsecurityfoundation.org/wp-content/uploads/2015/09/IoTSF-Establishing-Principles-for-IoT-Security-Download.pdf
• IoT Security Foundation: IoT Security Assurance Framework: https://www.iotsecurityfoundation.org/best-practice-guidelines/
• IoT Security Foundation: Connected Consumer Best Practice Guidelines: https://www.iotsecurityfoundation.org/best-practice-guidelines/
• IoT Security Foundation: Vulnerability Disclosure Best Practice Guidelines: https://www.iotsecurityfoundation.org/best-practice-guidelines/
• IoT Security Foundation: Best Practice User Mark: https://www.iotsecurityfoundation.org/best-practice-user-mark/
• IoT Security Foundation: IoT security training: https://www.iotsecurityfoundation.org/iot-security-training
• ManySecured Next Generation Router and Gateway Open Standards Website: https://manysecured.net/
• Microsoft: Internet of Things security best practices https://docs.microsoft.com/en-us/azure/iot-suite/iot-security-best-practices
• Microsoft: The Seven Properties of Highly Secure Devices https://www.microsoft.com/en-us/research/wp-content/uploads/2017/03/SevenPropertiesofHighlySecureDevices.pdf
• Norton: https://us.norton.com/internetsecurity
• OneM2M: Security Technical Report http://www.onem2m.org/images/files/deliverables/Release2/TR-0008-Security-V2_0_0.pdf
• Online Trust Alliance: IoT Security & Privacy Trust Framework https://otalliance.org/system/files/files/initiative/documents/iot_trust_framework6-22.pdf
• Singapore Cybersecurity Labelling Scheme https://www.csa.gov.sg/programmes/cybersecurity-labelling/about-cls
• Smart Card Alliance – Embedded Hardware Security for IoT Applications: https://www.securetechalliance.org/wp-content/uploads/Embedded-HW-Security-for-IoT-WP-FINAL-December-2016.pdf
• Symantec: An Internet of Things Security Reference Architecture https://www.symantec.com/content/dam/symantec/docs/white-papers/iot-security-reference-architecture-en.pdf
• UK DCMS: Secure by Design Report for Consumer IoT and the progress blog to July 2020 by UK NCSC
• UK DCMS Product Security and Telecommunications Infrastructure Act 2022 (PSTI): https://bills.parliament.uk/bills/3069
• UK Government to strengthen security of internet-connected products: https://www.gov.uk/government/news/government-to-strengthen-security-of-internet-connected-products
• UK Government: Principles of cyber security for connected and automated vehicles https://www.gov.uk/government/publications/principles-of-cyber-security-for-connected-and-automated-vehicles
• UK Government: Walport Report https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/409774/14-1230-internet-of-things-review.pdf
• UK National Cyber Security Centre (NCSC) Vulnerability Disclosure Toolkit: https://www.ncsc.gov.uk/information/vulnerability-disclosure-toolkit
• USA Executive Order on Improving the Nation’s Cybersecurity (May 12 2021): https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/
• US California Security of Connected Devices Bill SB 327: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB327
• US Department of Homeland Security: Strategic Principles for Securing the Internet of Things https://www.dhs.gov/sites/default/files/publications/Strategic_Principles_for_Securing_the_Internet_of_Things-2016-1115-FINAL_v2-dg11.pdf
• US NIST: Draft Security Feature Recommendations for IoT Devices – https://www.nist.gov/news-events/news/2019/08/nist-releases-draft-security-feature-recommendations-iot-devices
• US NIST: 8259A IoT Device Cybersecurity Capability Core Baseline
• US NIST: 8259B IoT Non-Technical Supporting Capability Core Baseline
• US NIST: Systems Security Engineering 800.160: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160.pdf
• US NIST: IoT https://www.nist.gov/topics/internet-things-iot
• US NIST: Recommended Criteria for Cybersecurity Labeling for Consumer IoT Products
• US NTIA: Multistakeholder Process; Internet of Things (IoT) Security Upgradability and Patching
• W3C