Zero Trust

 View Only

Device and OT/IoT Security Standards

  • 1.  Device and OT/IoT Security Standards

    Posted May 30, 2023 01:03:00 PM

    Thanks to Rajesh Murthy for sharing this list of standards that we may want to explore for our work with Zero Trust device and critical infrastructure security :

    1. UL2900 series
    2. ISO 30141 series and IEEE 2413 provide a good reference architecture model to work on for multiple verticals. IEEE is technical, and ISO provides view of lifecycle approach
      1. IEEE also has several other standards (am an officer for one of them, p2994) that pertains to securing smart sensors and IOT systems
      2. The IEEE P2933 standard on medical things clinical data and interoperability based on TIPPSS (am part of the working group) is almost close to completion and may be released for ballot once we the working group finalize the draft
      3. There are several others but we can choose given the focus here is more on the cloud interactions than core device interactions
    3. I recollect reading an article from NIST(?) differentiating IOT and CPS. This may be a good read for our group
    4. IOT Security Foundations, GSMA Security Guidelines, and the ETSI ENISA frameworks are useful as well
    5. ITU IOT Reference frameworks contains several useful concepts, particularly from networking perspectives and is useful when considering end to end security architectures (and challenges)
    6. There is also the IIOT and AIIOT
    7. NIST 800-160 (on engineering trustworthy secure systems), NIST 800-183 (Network of Things), NIST IR 8228 (considerations for IOT cybersecurity and privacy risks) and NIST IR 8259 (foundational activities for device manufacturers) are also useful


    ------------------------------
    Erik Johnson CCSK, CCSP, CISSP, PMP
    Senior Research Analyst
    Cloud Security Alliance
    [email protected]
    ------------------------------