Download Publication
CSA IoT Security Controls Framework v2
Release Date: 01/28/2021
Working Group: Internet of Things
• Updated Controls - All Controls have been reviewed and updated for technical clarity
• New Domain Structure - Control domains have been reviewed and updated to better categorize each control.
• New Legal Domain - Introduces relevant legal controls
• New Security Testing Domain - Introduces Security testing of architectural allocations.
• Simplified Infrastructure Allocations - Device types have been consolidated to a single type in order to simplify the allocation of controls to architectural components.
Download this Resource
Prefer to access this resource without an account? Download it now.
Acknowledgements
Brian Russell
Brian Russell is co-author of the book “Practical Internet of Things Security” and is a Chief Engineer focused on Cyber Security Solutions for Leidos (www.leidos.com). He oversees the design and development of security solutions and the implementation of privacy and trust controls for customers. Brian leads efforts that include security engineering for Unmanned Aerial Systems (UAS) and Connected Cars, and the development of hig...
Michael Roza
Risk, Audit, Control and Compliance Professional at EVC
Since 2012, Michael Roza has been a pivotal member of the Cloud Security Alliance (CSA) family. He has contributed to over 125 projects, as a Lead Author or Author/Contributor and many more as a Reviewer/Editor.
Michael's extensive contributions encompass critical areas including Artificial Intelligence, Zero Trust/Software Defined Perimeter, Internet of Things, Top Threats, Cloud Control Matrix, DevSecOps, and Key Management. His lea...
Aaron Guzman
Aaron is a passionate information security professional specializing in IoT, embedded, and automotive security. He is co-author of the “IoT Penetration Testing Cookbook” and a technical editor for the "Practical Internet of Things Security” Packt Publishing books. Aaron is co-chair of CSA’s IoT working group as well as a leader for OWASP’s IoT and Embedded Application Security projects; providing practical guidance to address the most commo...
Ashish Vashishtha
Security Compliance Leader
Analytical, results-oriented IS/IT Audit, Governance, Risk, and Compliance (GRC) leader over 19 years of experience managing enterprise-wide IT/IS security risk approach for large healthcare and IT services organizations. Passionate design thinker with an ability to harness innovation by facilitating collaboration to develop enterprise-wide security risk assessments (onsite as well as remote) for high-risk Third-Parties leveraging NIST 800-...
Renu Bedi
Manager-IT Security
Hillary Baron
Senior Technical Director - Research, CSA
Ramon Codina
Umesh Jaiswal
Raj Sachdev
Interested in helping develop research with CSA?
Related Certificates & Training
Learn more