New Controls Framework provides guidance for managing IoT risks

Published: Monday, 11 March 2019 09:54

The Cloud Security Alliance (CSA) has announced the release of its new IoT Controls Framework, which introduces the base-level security controls required to mitigate many of the risks associated with an IoT system operating in a range of threat environments.

Created by the CSA IoT Working Group, the new Framework, together with its companion piece, the Guide to the CSA Internet of Things (IoT) Controls Framework, provide organizations with the context in which to evaluate and implement an enterprise IoT system that incorporates multiple types of connected devices, cloud services, and networking technologies.

With the implementation of increasingly complex IoT systems organizations need clear guidance to identify appropriate security controls and allocate them to specific components within their system. These components include but are not limited to simple sensors, simple actuators, edge devices, fog computing, mobile device/application, on-premise intermediary device, cloud gateway, and cloud app/service.

Utilizing the Framework, user owners will assign system classification based on the value of the data being stored and processed and the potential impact of various types of physical security threats. Regardless of the value assigned, the Framework has uses across numerous IoT domains from systems processing only ‘low-value’ data with limited impact potential, to highly sensitive systems that support critical services.

Obtain the IoT Controls Framework and the Guide (registration required).