1.4 IoTSF Resources that support the Framework
The IoTSF provides a number of resources to foster security best practice:
- This Framework document is a structured list of security requirements intended to aid the evidence gathering process to guide an organisation through assurance.
- The Assurance Questionnaire is a companion audit and assessment tool to the Framework to aid the setting of security objectives and thereafter the collection of documentation and evidence. This tool is available as an IoTSF members’ benefit, without charge.
- Additional Best Practice Guidelines are provided by the Foundation to help understanding of the most important topics [IOTSF.SD-BPG] (footnote 1).
- IoTSF Vulnerability Disclosure Guidelines [IOTSF.VDISC-BPG] (footnote 2).
- Further resources including guides, documents, articles and blogs can be found on the IoTSF website.
All IoTSF publications are maintained and reviewed on a regular basis to keep them current – which is a crucial attribute, given the dynamic nature of cyber security.
This is the latest public release and user feedback is welcome as part of its maintenance and evolution for addressing new security threats. You can send feedback and suggestions to improve the Framework by emailing contact@iotsecurityfoundation.org with a subject line of “Assurance Framework Feedback”.
1.4.1.1 Assurance Questionnaire
The Assurance Questionnaire has filters on the requirements
1.4.2 Changes from Release 3.0 of the Framework
Release 4.0 of the IoTSF IoT Security Assurance Framework has seen extensive review and updates to many requirements to provide clarity and/or ensure alignment with current industry practice. The Assurance Framework Questionnaire (available to IoTSF Members) includes expanded mapping to standards that have emerged since the last release.
Highlights for this release:
- Removed: Content of Supply Chain appendix – this is now a separate white paper in the IoTSF portfolio
- Added: Development Infrastructure section covering practices related to development environment security
- Changed: Reference numbers to RFC2119 style alphanumeric format
The Assurance Applicability (requirements) elements detailed in section 2.4, and their numbering, have been retained where possible from prior releases of the Framework to maintain consistency.
Footnotes
1. IoTSF "Secure Design Best Practice Guides", Release 2, November 2019. https://iotsecurityfoundation.org/wp-content/uploads/2019/12/Best-Practice-Guides-Release-2_Digitalv3.pdf
2. IoTSF "Vulnerability Disclosure Best Practice Guidelines", Release 2.0, September 2021. https://iotsecurityfoundation.org/wp-content/uploads/2021/09/IoTSF-Vulnerability-Disclosure-Best-Practice-Guidelines-Release-2.0.pdf