Download Publication
Guide to the Internet of Things (IoT) Security Controls Framework v2 - Chinese Translation
Release Date: 02/07/2022
Working Group: Internet of Things
This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translated content falls outside of the CSA Research Lifecycle. For any questions and feedback, contact [email protected].
The Guide to the IoT Security Controls Framework Version 2 provides instructions for using the companion CSA IoT Security Controls Framework v2. This guide explains how to use the framework to evaluate and implement an IoT system for your organization by providing a column by column description and explanation.
The IoT Security Controls Framework Version 2 is relevant for enterprise IoT systems that incorporate multiple types of connected devices, cloud services, and networking technologies. The Framework has utility across many IoT domains from systems processing only “low-value” data with limited impact potential, to highly sensitive systems that support critical services. The classification of a system is assigned by the system owner based on the value of the data being stored and processed and the potential impact of various types of physical security threats.
The Guide to the IoT Security Controls Framework Version 2 provides instructions for using the companion CSA IoT Security Controls Framework v2. This guide explains how to use the framework to evaluate and implement an IoT system for your organization by providing a column by column description and explanation.
The IoT Security Controls Framework Version 2 is relevant for enterprise IoT systems that incorporate multiple types of connected devices, cloud services, and networking technologies. The Framework has utility across many IoT domains from systems processing only “low-value” data with limited impact potential, to highly sensitive systems that support critical services. The classification of a system is assigned by the system owner based on the value of the data being stored and processed and the potential impact of various types of physical security threats.
Updates for Version 2 include...
• Updated Controls - All Controls have been reviewed and updated for technical clarity
• New Domain Structure - Control domains have been reviewed and updated to better categorize each control.
• New Legal Domain - Introduces relevant legal controls
• New Security Testing Domain - Introduces Security testing of architectural allocations.
• Simplified Infrastructure Allocations - Device types have been consolidated to a single type in order to simplify the allocation of controls to architectural components.
• Updated Controls - All Controls have been reviewed and updated for technical clarity
• New Domain Structure - Control domains have been reviewed and updated to better categorize each control.
• New Legal Domain - Introduces relevant legal controls
• New Security Testing Domain - Introduces Security testing of architectural allocations.
• Simplified Infrastructure Allocations - Device types have been consolidated to a single type in order to simplify the allocation of controls to architectural components.
Download this Resource
Prefer to access this resource without an account? Download it now.
Are you a research volunteer? Request to have your profile displayed on the website here.
Interested in helping develop research with CSA?
Related Certificates & Training
Learn the core concepts, best practices and recommendation for securing an organization on the cloud regardless of the provider or platform. Covering all 14 domains from the CSA Security Guidance v4, recommendations from ENISA, and the Cloud Controls Matrix, you will come away understanding how to leverage information from CSA's vendor-neutral research to keep data secure on the cloud.
Learn more
Learn more