Publication Peer Review
CSA IoT Security Controls Framework v2
The IoT Security Controls Framework is relevant for enterprise IoT systems
that incorporate multiple types of connected devices, cloud services, and
networking technologies. The Framework has utility across many IoT domains
from systems processing only “low-value” data with limited impact
potential, to highly sensitive systems that support critical services. The
classification of a system is assigned by the system owner based on the
value of the data being stored and processed and the potential impact of
various types of physical security threats.
Updates for version 2 include...
controls to architectural components.
that incorporate multiple types of connected devices, cloud services, and
networking technologies. The Framework has utility across many IoT domains
from systems processing only “low-value” data with limited impact
potential, to highly sensitive systems that support critical services. The
classification of a system is assigned by the system owner based on the
value of the data being stored and processed and the potential impact of
various types of physical security threats.
Updates for version 2 include...
- Updated Controls - All Controls have been reviewed and updated for
- New Domain Structure - Control domains have been reviewed and updated to
- New Legal Domain - Introduces relevant legal controls
- New Security Testing Domain - Introduces Security testing of
- Simplified Infrastructure Allocations - Device types have been
controls to architectural components.