This site maps global IoT security and privacy recommendations to the UK Government’s Code of Practice for Consumer IoT Security. The sources of data come from a host of recommendations and standards bodies, governments and cities through to individuals across the world.


03/10/21 The site is now re-orienting its work towards mapping against the international consumer IoT security standard ETSI EN 303 645, showing the successful defragmentation of recommendations in this space. Please visit: to see more details and new mappings and future candidates for mapping. Further details can also be found in this blog: 

This site will continue to be maintained, but no new mappings will be added here from this date onwards. All new mappings will be provided on the site.

15/07/20 The site was updated to include some new recommendations which have been mapped, including the recently approved ETSI EN for IoT security:

Additionally, we have identified further candidate specifications and recommendations which we will seek to map in the coming months including those which have been updated or deprecated. We have corrected some website links where documents have been moved (where possible).

As the market matures globally and centres around a core set of baseline security and privacy standards for IoT,  we have seen manufacturers ensuring that their products are compliant, throughout the hardware and software stack. Compliance schemes continue to be developed and launched, based around the standards and recommendations listed here. We will see future consolidation in compliance schemes too as the testing market matures and settles.

The candidates for the next update are:

Observed updated recommendations:

15/08/19 The site was updated to include a number of recommendations which have emerged or that have been sent to Copper Horse as a result of this site being created. The following additional recommendations are added:

19/02/19 The site was updated to include the ETSI TS ‘Cyber Security for Consumer Internet of Things’, TS 103 645. We have a number of specification and recommendation mappings in the pipeline, including the IoT Security Foundation’s Release 2.0 of its specifications, also mapped to the ETSI publication today.

The site is designed to visually show two main things. First of all, how the UK Government’s Code of Practice (CoP) for IoT security maps to existing IoT security and privacy recommendations. Secondly, how the material that those existing organisations referenced themselves fits together to provide an overall picture of the IoT security ecosystem.

The mappings are designed to be used by any entity interested in how to meet the recommendations of the CoP, the emerging standards and recommendations within the IoT space around the world and to understand the level of consensus and fragmentation.

The work is further described in detail in the UK Government paper Mapping of IoT Security Recommendations, Guidance and Standards to the UK’s Code of Practice for Consumer IoT Security (pdf).

Example external references mapping diagram

How to use this site?

The menu links from this page take you to individual visual mappings for the individual guidelines. In addition, there is a page with an external reference mapping, which is sourced from the external references used in the documentation of the organisations who developed the various recommendations and standards. This is useful to see what material and what organisations are regularly referenced and used, by whom. From these pages you can also download files which contain open data datasets of the mappings to use yourself and within your company.

Feedback and further input is welcomed, more details can be found on the Frequently Asked Questions page.

search previous next tag category expand menu location phone mail time cart zoom edit close