
1.4 IoTSF Resources that support the Framework

The IoTSF provides a number of resources to foster security best practice:

  • This Framework document [ref 19]¹ is a structured list of security requirements intended to aid the evidence gathering process to guide an organisation through assurance.

  • The Assurance Questionnaire is a companion audit and assessment tool to the Framework to aid the setting of security objectives and thereafter the collection of documentation and evidence. The Assurance Questionnaire is available to IoTSF members only for free.

  • Additional Best Practice Guidelines are provided by the Foundation to help understanding of the most important topics [ref 45]².

  • Further resources including guides, documents, articles and blogs can be found on the IoTSF website.

All IoTSF publications are maintained and reviewed on a regular basis to keep them current – which is a crucial attribute, given the dynamic nature of cyber security.

This is the latest public release and user feedback is welcome as part of its maintenance and evolution for addressing new security threats. You can send feedback and suggestions to improve the Framework by emailing contact@iotsecurityfoundation.org with a subject line of “Assurance Framework Feedback”.

1.4.1 Changes from Release 2.1 of the Framework

Release 2.1 of the Framework was restricted to consumer class products. This Release 3.0 of the Framework includes expanded mapping to standards that have emerged since Release 2.1 was published, and introduces additional subsections. New items for this release:

  • Change of name from “Compliance Framework” to “Assurance Framework”
  • Updated requirements mapping to ETSI standard EN 303 645
  • Added new requirements mapping for NIST standard 8259A
  • Expanded the Supply Chain section’s requirements

The Assurance Applicability (requirements) elements detailed in section 2.4 and the numbering have been maintained where possible from prior releases of the Framework to maintain consistency.

Footnotes

  1. IoTSF Vulnerability Disclosure Guidelines can be found at [https://iotsecurityfoundation.org/best-practice-guidelines]

  2. IoTSF Best Practice Guidelines for Connected Consumer Products V1.1 includes at time of publication individual guidelines for the following topics:

    A. Classification of data

    B. Physical security

    C. Device secure boot

    D. Secure operating system

    E. Application security

    F. Credential management

    G. Encryption

    H. Network connections

    J. Securing software updates

    K. Logging

    L. Software update policy

    [https://www.iotsecurityfoundation.org/best-practice-guidelines/#ConnectedConsumerProducts]