ISO/IEC 27071

Information technology — Security techniques — Security guidelines for establishing trusted connections between device and service [Draft]


The standard aims to provide trustworthy authentication between distributed devices (such as sensors and other IoT devices) and cloud-based services, using Public Key Infrastructures and Hardware Security Modules (HSMs).

Scope and objectives

The standard outlines an architecture for trusted connections between devices and services, with recommendations on HSMs, on establishing roots of trust, identity, authentication and key attestation, and on providing data integrity and authentication.

The content

A 30-page document.

The standard’s status

Currently, the standard is at the 4th Working Draft stage.

It is scheduled for publication in 2023.


The following scenario illustrates why mutual authentication is needed. Suppose your electric car keeps detailed technical information about the places it has been driven to, the way it has been driven, how much battery power it has, and so on. In exchange for a warranty extension, driving tips, or warnings of issues requiring a service visit, you agree to share that information with the vehicle manufacturer regularly through a 4G or 5G connection to a car monitoring app. How can the manufacturer determine that the uploaded data really comes from your car, not from an altered or cloned version? How can the car be sure that it is being monitored by its manufacturer, not by some naughty hacker tracking your movements and habits for blackmail or kidnap, or by an insurance agent checking your driving record to determine your risk profile?
