This site maps global IoT security and privacy recommendations to the UK’s Code of Practice for Consumer IoT Security, produced by the Department for Digital, Culture, Media & Sport (DCMS). The data is drawn from a wide range of sources across the world, from recommendations and standards bodies, governments and cities through to individuals.
05/08/19 The site was updated to include a number of recommendations that have emerged or been sent to Copper Horse as a result of this site being created. The following additional recommendations have been added:
- Cellular Telecommunications Industry Association (CTIA) – CTIA Cybersecurity Certification Test Plan for IoT Devices
- Council to Secure the Digital Economy (CSDE) – International Anti-Botnet Guide 2018
- IoT Acceleration Consortium (IOTAC) – IoT Security Guidelines Ver. 1.0
- IoT Security Foundation – IoT Security Compliance Framework 2.0 (update to previous version)
- ioXt Alliance – The ioXt Security Pledge
- Korea Internet & Security Agency (KISA) – IoT Security Certification Service (IoT-SAP*)
- Mozilla – Minimum Security Standards for Tackling IoT Security
- National Institute of Standards and Technology (NIST) – Considerations for a Core IoT Cybersecurity Capabilities Baseline
- Open Connectivity Foundation (OCF) – OCF Security Specification v2.0.1
- PSA Certified – Critical security questions for chip vendors, OS providers and OEMs
- UL – IoT Security Top 20 Design Principles
- W3C Web of Things (WoT) – Security Best Practices Editor’s Draft 14th June 2019
19/02/19 The site was updated to include the ETSI TS ‘Cyber Security for Consumer Internet of Things’, TS 103 645. We have a number of specification and recommendation mappings in the pipeline, including the IoT Security Foundation’s Release 2.0 of their specifications, also mapped to the ETSI publication today.
The site is designed to visually show two main things. First of all, how the DCMS Code of Practice (CoP) for IoT security maps to existing IoT security and privacy recommendations. Secondly, how the material referenced by those existing organisations fits together to provide an overall picture of the IoT security ecosystem.
The mappings are designed to be used by any entity interested in how to meet the recommendations of the CoP, in the emerging standards and recommendations within the IoT space around the world, and in understanding the level of consensus and fragmentation.
The work is further described in detail in the DCMS paper Mapping of IoT Security Recommendations, Guidance and Standards to the UK’s Code of Practice for Consumer IoT Security (pdf).
How to use this site?
The menu links from this page take you to visual mappings for the individual guidelines. In addition, there is a page with an external reference mapping, which is sourced from the external references used in the documentation of the organisations who developed the various recommendations and standards. This is useful to see what material and what organisations are regularly referenced and used, and by whom. From these pages you can also download files which contain open data datasets of the mappings to use yourself and within your company.
Feedback and further input are welcomed; more details can be found on the Frequently Asked Questions page.