Home / News, Views and Opinion / IoTSF announces major update to the IoT Security Compliance Framework
IoTSF announces major update to the IoT Security Compliance Framework
Move to a risk- based approach that gives the Framework more flexibility and greater applicability beyond earlier versions

IoTSF announces major update to the IoT Security Compliance Framework

The IoT Security Foundation (IoTSF) announces Release 2 of its IoT Security Compliance Framework following user feedback of the previous release.

A significant enhancement is a move to a risk based approach that gives the Framework more flexibility and greater applicability beyond earlier versions, which were aimed at consumer-grade products.



The new and improved Framework is a practical tool for managers and developers who need to assure security, it could also be used as part of the purchasing function.

IoTSF announces major update to the IoT Security Compliance Framework
Move to a risk- based approach that gives the Framework more flexibility and greater applicability beyond earlier versions

There are three escalating modes for IoT producers; as an internal assessment reference, a checklist to self-certify against, or by a third party conformity assessment body, potentially as part of an accredited certification scheme.

The structured process of questioning and evidence gathering encourages optimal security mechanisms and practices to be implemented regardless of target application. Existing users of the Framework will be able to adopt the new release seamlessly as it is backward compatible.

“There are lots of freely available descriptive white papers on IoT security, yet what that means for businesses is often unclear,” says Richard Marshall, Plenary Chair of IoTSF. “Working with our members, which include security experts and product engineers, the IoTSF Compliance Framework brings system and business facets together to provide a complete view of security.

“A major improvement in this release is the move to a risk based approach, meaning the Framework is as applicable to medical and industrial applications, as it is to the original consumer market. It is not only freely available, it is highly applicable and fully actionable.”

Alongside the Framework is a companion questionnaire, which is used to record evidence of conformity. Each tab in the questionnaire corresponds to sections in the Framework, where supporting evidence is referenced.

A revised version of the questionnaire accompanies release 2 and includes a simple tool to configure the strength of the three security goals of confidentiality, integrity and availability, which collectively determine the compliance class.

“We’ve received a lot of positive feedback from existing users of the Framework, and the great news today is that we’ve just made it a whole lot better,” adds John Moor, IoTSF Managing Director. “We’re calling on business and industry to ‘make it safe to connect’ – make use of the Framework and our guidance materials and get on the front foot when it comes to security. We’re specifically inviting test labs and the test community to make use of the Framework to provide manufacturers with a common reference for third party certification.”

The IoT Security Compliance Framework Revision 2 and the Questionnaire are free to download HERE.

Check Also

Resin boards for e-paper displays enable screen operation in demanding conditionsPervasive Displays’ line of rugged black, white and red displays – the 3.7-inch, 4.2-inch, 4.37-inch and 7.4-inch models – include a resin board attached to the glass substrate to protect the screen from breaking when bumped, dropped or knocked

Resin boards for e-paper displays enable screen operation in demanding conditions

Pervasive Displays (PDi), a leader in e-paper displays (EPDs), announces its new range of rugged …

COPA-DATA future-proofs its partner programme

COPA-DATA future-proofs its partner programme

COPA-DATA has strengthened its ability to grow with its partners in the future.  The independent …

RS Components launches RS platform across the Americas to enable easier design-in process for engineers

RS Components launches RS platform across the Americas

New site helps to bring joined-up design experience between DesignSpark and ease of purchase of …