Cloud 101CircleEventsBlog
As a CSA Member, get access to professionally produced product demo videos through our partnership with Demo Forum. Learn more!

Download Publication

IoT Controls Matrix v3
IoT Controls Matrix v3

IoT Controls Matrix v3

Release Date: 04/25/2022

Working Group: Internet of Things

The IoT Security Controls Matrix is relevant for enterprise IoT systems that incorporate multiple types of connected devices, cloud services, and networking technologies. The Framework has utility across many IoT domains from systems processing only “low-value” data with limited impact potential, to highly sensitive systems that support critical services. The classification of a system is assigned by the system owner based on the value of the data being stored and processed and the potential impact of various types of physical security threats. 

Changes for Version 3: 

  • Increased number of controls from 155 to 198
  • New domain - Incident Management
  • Improved technical clarity of controls and references
To learn how to use the matrix to evaluate and implement an IoT system for your organization, also check out the Guide to the IoT Security Controls Matrix v3

Download this Resource

Prefer to access this resource without an account? Download it now.

Bookmark
Share
View translations
Related resources
Zero Trust Privacy Assessment and Guidance
Zero Trust Privacy Assessment and Guidance
Fully Homomorphic Encryption: A Comprehensive Guide for Cybersecurity Professionals - Japanese Translation
Fully Homomorphic Encryption: A Comprehensive G...
Zero Trust Guidance for Small and Medium Size Businesses (SMBs) - Japanese Translation
Zero Trust Guidance for Small and Medium Size B...
Simplicity is Complexity Resolved
Simplicity is Complexity Resolved
Published: 02/20/2025
Dark Patterns: Understanding Their Impact, Harm, and How the CPPA is Cracking Down
Dark Patterns: Understanding Their Impact, Harm, and How the CPPA i...
Published: 02/19/2025
How AI Will Change the Role of the SOC Team
How AI Will Change the Role of the SOC Team
Published: 02/19/2025
What is a Virtual CISO (vCISO) and Should You Have One on Your Team?
What is a Virtual CISO (vCISO) and Should You Have One on Your Team?
Published: 02/18/2025

Acknowledgements

​Aaron Guzman
​Aaron Guzman

​Aaron Guzman

Aaron is a passionate information security professional specializing in IoT, embedded, and automotive security. He is co-author of the “IoT Penetration Testing Cookbook” and a technical editor for the "Practical Internet of Things Security” Packt Publishing books. Aaron is co-chair of CSA’s IoT working group as well as a leader for OWASP’s IoT and Embedded Application Security projects; providing practical guidance to address the most commo...

Read more

Brian Russell
Brian Russell

Brian Russell

Brian Russell is co-author of the book “Practical Internet of Things Security” and is a Chief Engineer focused on Cyber Security Solutions for Leidos (www.leidos.com). He oversees the design and development of security solutions and the implementation of privacy and trust controls for customers. Brian leads efforts that include security engineering for Unmanned Aerial Systems (UAS) and Connected Cars, and the development of hig...

Read more

Michael Roza
Michael Roza
Risk, Audit, Control and Compliance Professional at EVC

Michael Roza

Risk, Audit, Control and Compliance Professional at EVC

Since 2012, Michael Roza has been a pivotal member of the Cloud Security Alliance (CSA) family. He has contributed to over 125 projects, as a Lead Author or Author/Contributor and many more as a Reviewer/Editor.
Michael's extensive contributions encompass critical areas including Artificial Intelligence, Zero Trust/Software Defined Perimeter, Internet of Things, Top Threats, Cloud Control Matrix, DevSecOps, and Key Management. H...

Read more

Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?

Related Certificates & Training