Less than 10% of consumer IoT companies follow Vulnerability Disclosure guidelines
0

Release 2 is ‘freely available and highly applicable’

The IoT Security Foundation (IoTSF) announces ‘Release 2’ of its IoT Security Compliance Framework today following user feedback of the previous release. A significant enhancement is a move to a risk based approach that gives the Framework more flexibility and greater applicability beyond earlier versions, which were aimed at consumer-grade products.

The IoTSF is an international, collaborative and vendor-neutral members’ initiative, driven by the IoT eco-system and inclusive of all parties including technology providers and service beneficiaries. IoTSF was formed as a response to existing and emerging threats in the Internet of Things applications.
The new and improved Framework is a practical tool for managers and developers who need to assure security, it could also be used as part of the purchasing function. There are three escalating modes for IoT producers; as an internal assessment reference, a checklist to self-certify against, or by a third party conformity assessment body, potentially as part of an accredited certification scheme. The structured process of questioning and evidence gathering encourages optimal security mechanisms and practices to be implemented regardless of target application. Existing users of the Framework will be able to adopt the new release seamlessly as it is backward compatible.
“There are lots of freely available descriptive white papers on IoT security, yet what that means for businesses is often unclear,” says Richard Marshall, Plenary Chair of IoTSF. “Working with our members, which include security experts and product engineers, the IoTSF Compliance Framework brings system and business facets together to provide a complete view of security. A major improvement in this release is the move to a risk based approach, meaning the Framework is as applicable to medical and industrial applications, as it is to the original consumer market. It is not only freely available, it is highly applicable and fully actionable.”
Alongside the Framework is a companion questionnaire, which is used to record evidence of conformity. Each tab in the questionnaire corresponds to sections in the Framework, where supporting evidence is referenced. A revised version of the questionnaire accompanies release 2 and includes a simple tool to configure the strength of the three security goals of confidentiality, integrity and availability, which collectively determine the compliance class.
“We’ve received a lot of positive feedback from existing users of the Framework, and the great news today is that we’ve just made it a whole lot better,” adds John Moor, IoTSF Managing Director. “We’re calling on business and industry to ‘make it safe to connect’ – make use of the Framework and our guidance materials and get on the front foot when it comes to security. We’re specifically inviting test labs and the test community to make use of the Framework to provide manufacturers with a common reference for third party certification.”
The IoT Security Compliance Framework Revision 2 and the Questionnaire are free to download at: www.iotsecurityfoundation.org/best-practice-guidelines

About the Internet of Things Security Foundation (IoTSF)
The mission of IoTSF is to help secure the Internet of Things, in order to aid its adoption and maximize its benefits. To do this IoTSF will promote knowledge and clear best practice in appropriate security to those who specify, make and use IoT products and systems.
IoTSF promotes the security values of a security-first approach, fitness for purpose and resilience through operating life. The security values are targeted at key stages of the IoT eco-system – those that build, buy and use products and services: Build Secure. Buy Secure. Be Secure.

More in News

You may also like