All devices and services should operate on the “principle of least privilege”; unused ports should be closed, hardware should not unnecessarily expose access, services should not be available if they are not used and code should be minimised to the functionality necessary for the service to operate. Software should run with appropriate privileges, taking account of both security and functionality.
The principle of least privilege is a foundation stone of good security engineering, applicable to IoT as much as in any other field of application.
Primarily applies to: Device Manufacturers, IoT Service Providers
View a full-screen version of this mapping
Download this data