The Internet of Things Security Foundation (IoTSF) has announced the publication of its IoT Security Compliance Framework at its annual conference in London.
The Internet of Things Security Foundation (IoTSF) has announced the publication of its IoT Security Compliance Framework at its annual conference in London that took place on 6th December.
The framework is part of IoTSF’s mission to drive the quality and pervasiveness of security in IoT. IoTSF is promoting the Supply Chain of Trust concept which encourages producers to adopt a duty of care for their own customers and towards the wider eco-system. This is necessary because poorly secured connected products may provide a vulnerability point to attack the system elsewhere such as in a denial of service attack.
The framework provides a comprehensive and practical checklist to guide organisations through a security assuring process. It offers a methodical approach to determining an organisation’s unique security posture for both business processes and technical requirements.
The framework is intended to be used by key staff such as senior management, technical, manufacturing and logistics from producer companies, yet it could also be used by purchasers to assess suppliers.
The framework is designed to be generally applicable and extendable with release 1.0 targeted at the consumer product category. Follow-on releases are expected to further add requirements from additional application domains.
John Haine, Chairman of IoTSF said, “I’d like to commend all the contributors to the framework, especially the participants of the working group, for working hard to achieve the brief we gave them and in a timely manner. Poorly secured IoT devices are low hanging fruit for hackers and offer a wide range of attack types such as denial of service and extortion through malware. This is just the beginning and given what is at stake for citizens and society it is not surprising that more voices are calling for regulation, which now seems inevitable. The compliance framework is a well-designed and practical approach that companies can adopt to take care of matters right now and position themselves for future eventualities. We therefore strongly encourage industry to start using the framework with immediate effect and engage with us to help ensure it remains future-proof and fit for purpose”.
The IoT security compliance framework is free to download and use from the IOT Security Foundation