The IoT Security Foundation (IoTSF) has updated its IoT Security Compliance Framework following user feedback on the initial version, along with its IoT Security Best Practice Guidelines for the design of connected consumer products.
IoTSF plenary chair Richard Marshall said a major improvement in the new release was the move to a risk-based approach, making the framework as applicable to medical and industrial applications as it is to the original consumer market.
IoTSF says one of the significant enhancements to the compliance framework is the move to a risk-based approach, which gives the framework more flexibility and greater applicability beyond earlier versions aimed at consumer-grade products.
It says the new framework is a practical tool for managers and developers who need to assure security, and could also be used as part of the purchasing function.
There are three escalating modes for IoT producers: as an internal assessment reference, as a checklist to self-certify against, or for assessment by a third-party conformity assessment body, potentially as part of an accredited certification scheme.
“The structured process of questioning and evidence gathering encourages optimal security mechanisms and practices to be implemented regardless of target application,” IoTSF says. “Existing users of the framework will be able to adopt the new release seamlessly as it is backward compatible.”
IoTSF managing director John Moor called on test labs and the test community to make use of the framework to provide manufacturers with a common reference for third-party certification.
The framework can be downloaded from here.
New guideline for consumer IoT products
The IoTSF Best Practice Guidelines for Connected Consumer Products are targeted at new and existing companies. IoTSF says they are intended to be pragmatic and easily consumable for those with limited security knowledge and cover the most common issues. They provide awareness and advice on the most salient elements that affect product, service and user security.
The IoTSF was formed in 2015 following a gathering of technology professionals and security experts at Bletchley Park in the UK to explore IoT security issues. It is a non-profit organisation dedicated to driving security excellence. Membership is open to individuals and organisations.