Cloud 101CircleEventsBlog
CSA's Continuous Audit Metrics Working Group is expanding! Help shape the future of cloud assurance.

Download Publication

Guide to the IoT Controls Matrix v3
Guide to the IoT Controls Matrix v3
Who it's for:
  • auditors
  • security architects
  • developers
  • security engineers
  • penetration testers

Guide to the IoT Controls Matrix v3

Release Date: 04/25/2022

The Guide to the IoT Security Controls Matrix provides instructions for using the companion CSA IoT Security Controls Matrix v3. This guide explains how to use the framework to evaluate and implement an IoT system for your organization by providing a column by column description and explanation. 

The IoT Security Controls Matrix is relevant for enterprise IoT systems that incorporate multiple types of connected devices, cloud services, and networking technologies. The Framework has utility across many IoT domains from systems processing only “low-value” data with limited impact potential, to highly sensitive systems that support critical services. The classification of a system is assigned by the system owner based on the value of the data being stored and processed and the potential impact of various types of physical security threats. 
Download this Resource

Prefer to access this resource without an account? Download it now.

Bookmark
Share
View translations
Related resources
The Six Pillars of DevSecOps - Collaboration and Integration
The Six Pillars of DevSecOps - Collaboration an...
The State of Security Remediation 2024
The State of Security Remediation 2024
Key Management Lifecycle Best Practices
Key Management Lifecycle Best Practices
To Meet Bold Ambitions and Combat Mounting Threats, Australia Endorses Zero Trust
To Meet Bold Ambitions and Combat Mounting Threats, Australia Endor...
Published: 02/28/2024
The Hidden Certificates in Your Organization: How to Find Them
The Hidden Certificates in Your Organization: How to Find Them
Published: 02/26/2024
3 Critical Steps for Application Security Teams in 2024
3 Critical Steps for Application Security Teams in 2024
Published: 02/23/2024
Zero Trust Messaging Needs a Reboot
Zero Trust Messaging Needs a Reboot
Published: 02/16/2024

Acknowledgements

​Aaron Guzman
​Aaron Guzman

​Aaron Guzman

Aaron is a passionate information security professional specializing in IoT, embedded, and automotive security. He is co-author of the “IoT Penetration Testing Cookbook” and a technical editor for the "Practical Internet of Things Security” Packt Publishing books. Aaron is co-chair of CSA’s IoT working group as well as a leader for OWASP’s IoT and Embedded Application Security projects; providing practical guidance to address the most commo...

Read more

Brian Russell
Brian Russell

Brian Russell

Brian Russell is co-author of the book “Practical Internet of Things Security” and is a Chief Engineer focused on Cyber Security Solutions for Leidos (www.leidos.com). He oversees the design and development of security solutions and the implementation of privacy and trust controls for customers. Brian leads efforts that include security engineering for Unmanned Aerial Systems (UAS) and Connected Cars, and the development of hig...

Read more

Michael Roza
Michael Roza
Head of Risk, Audit, Control and Compliance

Michael Roza

Head of Risk, Audit, Control and Compliance

Since 2012 Michael has contributed to over 100 CSA projects completed by CSA's Internet of Things, Zero Trust/Software-Defined Perimeter, Top Threats, Cloud Control Matrix, Containers/Microservices, DevSecOps, and other working groups. He has also served as co-chair of CSA's Enterprise Architecture, Top Threats, and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, SECaaS, and Cloud K...

Read more

Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?

Related Certificates & Training