
ISO/IEC 27402

ISO/IEC 27402 — Cybersecurity — IoT security and privacy — Device baseline requirements [Draft]

Introduction

This project documents the basics of IoT security, enabling the controls in ISO/IEC 27030 for IoT devices.

The scope of the standard

The standard specifies a ‘baseline’ or platform for IoT [Internet of Things] devices that support information security and privacy controls.

Here are some examples of baseline [information security] requirements:

– Unique device identifier.
– A ‘factory reset’ feature.
– A program that lets the user delete all of their [personal] information.
– “Data protection” (access controls and integrity).
– Firmware and software patching/updating (I assume).

For specific applications (e.g. medical things), it is expected that additional security controls will be necessary and defined in future standards.

The content

To be determined

Status

At this point, the standard is in the Committee Draft stage.

A 2023 publication date has been set for it.

Commentary

This standard will be quite challenging to write because of the sheer scale of connectable devices and the wide variety of data they exchange. Moreover, given the market pressures that manufacturers face, widespread voluntary adoption seems unlikely (adoption will require additional factors not covered by this standard).

There are a few notes in some sections of the standard, but the remainder is just a placeholder awaiting input.

 
