
ISO/IEC 27402

ISO/IEC 27402 — Cybersecurity — IoT security and privacy — Device baseline requirements [Draft]


This project documents the basics of IoT security, enabling the controls in ISO/IEC 27030 for IoT devices.

The scope of the standard

The standard specifies a ‘baseline’ or platform for IoT [Internet of Things] devices that supports information security and privacy controls.

Here are some examples of baseline [information security] requirements:

– Unique device identifier.
– A ‘factory reset’ feature.
– A program that lets me delete all my [personal] information.
– “Data protection” (access controls and integrity).
– Firmware and software patching/updating (I assume).

For specific applications (e.g. medical things), it is expected that additional security controls will be necessary and defined in future standards.

The content

To be determined


At this point, the standard is in the Committee Draft stage.

A 2023 publication date has been set for it.


This standard will be quite challenging to write due to the sheer range of connectable devices and the wide variety of data they exchange. Moreover, given the market pressures that manufacturers face, widespread voluntary adoption seems unlikely (it will require additional factors not covered by this standard).

There are a few notes in some sections of the standard, but the remainder is just a placeholder awaiting input.

