
ISO/IEC 27402

ISO/IEC 27402 — Cybersecurity — IoT security and privacy — Device baseline requirements [Draft]

Introduction

This project documents the basics of IoT security, enabling the controls in ISO/IEC 27030 for IoT devices.

The scope of the standard

The standard specifies a ‘baseline’ or platform for IoT [Internet of Things] devices that supports information security and privacy controls.

Here are some examples of baseline [information security] requirements:

– Unique device identifier.
– A ‘factory reset’ feature.
– A program that lets me delete all my [personal] information.
– “Data protection” (access controls and integrity).
– Firmware and software patching/updating (I assume).

For specific applications (e.g. medical things), it is expected that additional security controls will be necessary and defined in future standards.

The content

To be determined

Status

At this point, the standard is in the Committee Draft stage.

A 2023 publication date has been set for it.

Commentary

This standard will be quite challenging to write due to the sheer scale of connectable devices and the wide variety of data they exchange. Moreover, the market pressures that manufacturers face seem unlikely to result in widespread voluntary adoption (which will require additional factors not covered by this standard).

There are a few notes in some sections of the standard, but the remainder is just a placeholder awaiting input.

 
