Standard

IEEE WHITE PAPER

Published

Note: This standard has a new edition: IEEE WHITE PAPER

Singles purchase not accessible

This standard can not be purchased as a single sales.

Abstract

PURPOSE The IEEE IoT Sensor Devices Cybersecurity Framework is intended to provide companies with a vested interest in the cybersecurity of IoT Sensor Devices with a “threat modeling.”4 This framework provides a basic view of the IoT Sensor Devices’ cybersecurity posture. It will help companies become aware of threats and standard-based remedies and develop cybersecurity products. This framework recommends key IoT Sensor Devices standards and capabilities within a cyber threat modeling perspective. It will assist the reader to: • Understand current IoT vulnerabilities • Define IoT requirements • Assess its organization’s unique IoT requirements • Design cybersecurity into IoT Sensor Devices • Develop an IoT Zero Trust Architecture (ZTA) • Assess the cybersecurity of IoT Sensor Devices The reader will also be made aware of the framework’s major components, including test requirements, test planning, and IEEE IoT Sensor Devices certification. The Test Plan (see [1]) and other related certification procedures are listed in Appendix A. The IEEE IoT Sensor Devices Cybersecurity Framework is intended to provide IoT Sensor Devices developers, distributors, and IoT enterprise engineers with a baseline testing criterion to support assurance of usage. The IoT Sensor Devices engineer has the flexibility to adapt the product testing criteria and determine the appropriate testing evidence applicable to the operational environment.5 This framework is a strategy in which product development, test planning, and execution can be integrated. The IoT Sensor Devices engineer and/or the IoT field engineer may choose to conduct testing in a controlled or isolated environment to validate the IoT Sensor Devices device, device, component, software, platform, and supporting interfaces for “Root of Trust” assurance. A vulnerability in any of those components could compromise the trustworthiness of the IoT security mechanisms that rely upon those components. Stronger security assurances via IoT testing criteria may be possible by grounding security mechanisms in roots of trust. That is the driving scope of IoT testing criteria. Roots of trust are highly reliable hardware, firmware, and software components that perform specific, critical security functions. Because roots of trust are inherently trusted, they must be secure by design.6 4 Review (NIST, Establishing IoT Device Cybersecurity Requirements, 2021 [4]) 5 NIST, Recommended Criteria for Cybersecurity labeling of IoT Products, 2022 [5].

Document information

  • Standard from IEEE_AC
  • Published:
  • Version: 0
  • Document type: IS