Circle
Events
Blog

Download Publication

CSA IoT Security Controls Framework v2
CSA IoT Security Controls Framework v2

CSA IoT Security Controls Framework v2

Release Date: 01/28/2021

Working Group: Internet of Things

The IoT Security Controls Framework Version 2 is relevant for enterprise IoT systems that incorporate multiple types of connected devices, cloud services, and networking technologies. The Framework has utility across many IoT domains from systems processing only “low-value” data with limited impact potential, to highly sensitive systems that support critical services. The classification of a system is assigned by the system owner based on the value of the data being stored and processed and the potential impact of various types of physical security threats. 

Updates for Version 2 include...
• Updated Controls - All Controls have been reviewed and updated for technical clarity
• New Domain Structure - Control domains have been reviewed and updated to better categorize each control.
• New Legal Domain - Introduces relevant legal controls
• New Security Testing Domain - Introduces Security testing of architectural allocations.
• Simplified Infrastructure Allocations - Device types have been consolidated to a single type in order to simplify the allocation of controls to architectural components.

The Guide to the IoT Security Controls Framework Version 2 provides instructions for using the companion CSA IoT Security Controls Framework v2. This guide explains how to use the framework to evaluate and implement an IoT system for your organization by providing a column by column description and explanation.

Fill out this form to access this resource.

In my current job I work in:

Can we send you emails about other CSA projects?

By opting into this agreement I am indicating that I want to receive email updates from CSA on related projects. (Marketing purposes, Section 3 of the Privacy Policy).

Can we send you emails about other CSA projects?

By opting into this agreement I am indicating that I want to receive email updates from CSA on related projects. (Marketing purposes, Section 3 of the Privacy Policy).

Download
Provide feedback on this form

Acknowledgements

Brian Russell Headshot
Brian Russell

Brian Russell

Brian Russell is co-author of the book “Practical Internet of Things Security” and is a Chief Engineer focused on Cyber Security Solutions for Leidos (www.leidos.com). He oversees the design and development of security solutions and the implementation of privacy and trust controls for customers. Brian leads efforts that include security engineering for Unmanned Aerial Systems (UAS) and Connected Cars, and the development of hig...

Read more

Michael Roza Headshot
Michael Roza
Risk, Audit, Control and Compliance Professional

Michael Roza

Risk, Audit, Control and Compliance Professional

Since 2012 Michael has contributed to over 75 CSA projects completed by CSA's Internet of Things, Blockchain/Distributed Ledger, Top Threats, Cloud Control Matrix, Software-Defined Perimeter, Applications, Containers, and Microservices, and other working groups. In, 2020 he also served as co-chair to CSA's Enterprise Architecture and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, S...

Read more

​Aaron Guzman Headshot
​Aaron Guzman

​Aaron Guzman

Aaron is a passionate information security professional specializing in IoT, embedded, and automotive security. He is co-author of the “IoT Penetration Testing Cookbook” and a technical editor for the "Practical Internet of Things Security” Packt Publishing books. Aaron is co-chair of CSA’s IoT working group as well as a leader for OWASP’s IoT and Embedded Application Security projects; providing practical guidance to address the most commo...

Read more

Ashish Vashishtha Headshot
Ashish Vashishtha
Cybersecurity - Sr. Risk Manager & Security Architect at IBM

Ashish Vashishtha

Cybersecurity - Sr. Risk Manager & Security Architect at IBM

Analytical, results-oriented IS/IT Audit, Governance, Risk, and Compliance (GRC) leader over 19 years of experience managing enterprise-wide IT/IS security risk approach for large healthcare and IT services organizations. Passionate design thinker with an ability to harness innovation by facilitating collaboration to develop enterprise-wide security risk assessments (onsite as well as remote) for high-risk Third-Parties leveraging NIST 800-...

Read more

Renu Bedi Headshot
Renu Bedi
Manager-IT Security

Renu Bedi

Manager-IT Security

This person does not have a biography listed with CSA.

Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?