The Internet of Things Security Foundation (IoTSF) announced the publication of its Internet of Things (IoT) security compliance framework, part of the organizations’s mission to drive the quality and pervasiveness of security in IoT.
IoTSF is promoting the “Supply Chain of Trust” concept, which encourages producers to adopt a duty of care for their own customers and toward the wider ecosystem. This is needed because poorly secured connected products might provide a vulnerability point to attack systems elsewhere such as in a denial-of-service attack.
The framework provides a comprehensive and practical checklist to guide organizations through a security assuring process. It offers a methodical approach to determining an organization’s unique security posture for business processes and technical requirements.
The framework is designed to be used by key staff such as senior management, technical, manufacturing and logistics from companies, yet could also be used by purchasers to assess suppliers. It’s designed to be generally applicable and extendable with release 1.0 aimed at the consumer product category.
“From the early days of the foundation it was clear that a great deal of remedial work was necessary to help companies that are new to connected products accelerate their understanding of security and provision appropriate measures into their products and business processes,” said John Moor, managing director of IoTSF. “We therefore mandated a working group to look at a self-certification process that was flexible, comprehensive and fit for purpose over the longer term,” Moor said.
