Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda...
Transcript of Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda...
![Page 1: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/1.jpg)
1
Engaging with IoT Security Best Pract ices IoTSF Conference 2018 4th December 2018
Richard M arshall IoTSF Plenary Chair
IoTSF Conference 2018 4-Dec-18
![Page 2: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/2.jpg)
Working Groups
Plenary Chair
Richard Marshall
Compliance Framework
WG1
Chris Shire Trevor Hall
Best Practice WG2
Jeff Day Roger Shepherd
Test and Compliance
WG3
Richard Marshall (Acting)
Responsible Disclosure
WG4
Craig Heath
Consumer Architecture
WG5
Daniel Ng Paul Kearney
Smart Buildings
WG6
James Willison Sarb Sembhi
Trustmark WG7
Chris Torr
4-Dec-18 IoTSF Conference 2018 2
![Page 3: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/3.jpg)
Release 1.0
3
RELEASE 1.0
IoTSF Conference 2018 4-Dec-18
![Page 4: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/4.jpg)
Change of Scope from Consumer to generic
Compliance Framework 2.0 – Expanded compliance requirements
– Improved compliance checklist
Best Practice Guides – Architectures
Release 2.0
4 IoTSF Conference 2018 4-Dec-18
![Page 5: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/5.jpg)
WG Document Context
5 IoTSF Conference 2018
CIA
Conformance Assessment
Consumer Management
Context
Compliance Framework
Enterprise Management
Context
CIA CIA
Smart Buildings
Management Context
4-Dec-18
![Page 6: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/6.jpg)
6
What’s new in the Compliance Framework 2.0?
Engaging with IoT Security Best Practices Chris Shire Infineon
IoTSF Conference 2018 4-Dec-18
![Page 7: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/7.jpg)
Who is the Compliance Framework for:
For Managers in organisations that provide IoT products, technology and or services
For Developers and Engineers, Logist ics and Manufacturing Staff , it provides a detailed checklist to use in their daily work and in project reviews to validate the use of best practice by different functions
For Supply Chain Managers, the structure can be used to guide the auditing of security practices.
Audience
7 IoTSF Conference 2018 4-Dec-18
![Page 8: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/8.jpg)
Release 2.0 to be published today
What’s New with Version 2? Introduces Key Requirements for IoT Security
IoTSF Conference 2018 8
M anagement Governance
Engineered for Security
Fit for Purpose Cryptography
Secure Network Framework and Applications
Secure Production Processes and Supply Chain
Safe and Secure for the Customer
4-Dec-18
![Page 9: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/9.jpg)
New Framework 2.0 - outcome
Look and Feel : Simpler Clearer Easily O rganised Faster to Adopt
9 IoTSF Conference 2018 4-Dec-18
![Page 10: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/10.jpg)
– Cover how to use: – The Compliance Framework 2.0 – Checklist – Best Practice Guides
How to use them…
10 IoTSF Conference 2018 4-Dec-18
![Page 11: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/11.jpg)
11
Introducing the Best Pract ice Guides
Engaging with IoT Security Best Practices Jeff Day BT
IoTSF Conference 2018 4-Dec-18
![Page 12: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/12.jpg)
IoTSF Conference 2018 12 4-Dec-18
![Page 13: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/13.jpg)
IoTSF Conference 2018 13 4-Dec-18
![Page 14: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/14.jpg)
IoTSF Conference 2018 14
Donald Rumsfeld (former U.S. Secretary of Defense) response to a question at a U.S. Department of Defense news briefing on February 12, 2002 about the lack of evidence linking the government of Iraq with the supply of weapons of mass destruction to terrorist groups.
“There are known knowns. There are things we know we know. We also know there are known unknowns. That is to say, we know there are some things we do not know. But there are also unknown unknowns, the ones we don’t know we don’t know.”
4-Dec-18
![Page 15: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/15.jpg)
IoTSF Conference 2018 15 4-Dec-18
![Page 16: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/16.jpg)
IoTSF Conference 2018 16 4-Dec-18
![Page 17: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/17.jpg)
IoTSF Conference 2018 17
A - Classification of Data B - Physical Security C - Device Secure Boot D - Secure Operating System E - Application Security F - Credential Management G - Encryption H - Network Connections J - Securing Software Updates K - Logging L - Software Update Policy
4-Dec-18
![Page 18: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/18.jpg)
18
How to use the Compliance Framework Release 2.0
Engaging with IoT Security Best Practices Chris Shire Infineon
IoTSF Conference 2018 4-Dec-18
![Page 19: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/19.jpg)
IoTSF Compliance Framework V2.0 O verview Agenda
Introduction W hat’s New H ow to use the Framework Next Steps
IoTSF Conference 2018 19 4-Dec-18
![Page 20: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/20.jpg)
IoTSF Compliance Framework Introduction
Allows an IoT product to be assessed for security – Can be self-assessed or used by a 3rd party
The collective output of 30+ IoTSF members and 2+ years of work. Requires expertise, time and effort
IoTSF Conference 2018 20 4-Dec-18
![Page 21: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/21.jpg)
IoTSF Compliance Framework Introduction
W hy use it? W hat is inside? W ho should use it? H ow to use it? W hen to use it?
If an IoT product has risks 200+ checks and hints Anyone involved with IoT Employ security experts From product conception
IoTSF Conference 2018 21 4-Dec-18
![Page 22: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/22.jpg)
Framework Outline
IoTSF Conference 2018 22
Key Requirements Objective Management governance There must be a named executive responsible for product security, and privacy of
customer information. Engineered for security The hardware and software must be designed with attention to security threats.
Fit for purpose cryptography These functions should be from the best practice industry standards.
Secure network framework and applications
Precautions have been taken to secure Apps, web interfaces and server software
Secure production processes and supply chain
Making sure the security of the product is not compromised in the manufacturing process or in the end customer delivery and installation.
Safe and secure for the customer The product is safe and secure "out of the box" and in its day to day use.
4-Dec-18
![Page 23: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/23.jpg)
What’s New with Version 2: K eywords
IoTSF Conference 2018 23 4-Dec-18
![Page 24: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/24.jpg)
What Else? Deletions & Additions
O ne schema for all applications – Compliance Class varies by risk appetite
Deleted: – Product Categories
Additions: – K eywords for each requirement to ease assessment – User Guidance – Enhanced introduction with Benefits and K ey
Requirements.
IoTSF Conference 2018 24 4-Dec-18
![Page 25: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/25.jpg)
IoTSF Compliance Framework Step by Step…
IoTSF Conference 2018 25
Conduct Risk Analysis on the Product in the
Target Environment
•Create Risk Register •Determine CIA-Triad Security Objectives
Determine Compliance Class Applicable to the
Product
•Compliance Class based on Security Objectives •Documented Product Environment
Respond to Each Requirement in
Framework
•Complete Compliance Checklist(Excel) •Reference Evidence Documents
4-Dec-18
![Page 26: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/26.jpg)
Security Objectives
The CIA Triad
– Confidentiality : control of data – Integrity : assure the data can be trusted – Availability : ensure reliable , authorised access
IoTSF Conference 2018 26
IoT Security Availability
4-Dec-18
![Page 27: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/27.jpg)
Basic – devices processing public information
M edium – devices processing sensitive information, including Personally Identifiable Information, whose compromise would have limited impact on an individual or organisation
H igh - devices processing very sensitive information, including sensitive personal data whose compromise would have significant impact on an individual or organisation
Security O bjectives - Confidentiality
27 IoTSF Conference 2018 4-Dec-18
![Page 28: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/28.jpg)
Basic - resists low level threat sources that have very little capability and priority
M edium - threat sources that have from very little, focussed capability, through to researchers with significant capability
H igh - devices resist substantial level threat sources
Security O bjectives - Integrity
28 IoTSF Conference 2018 4-Dec-18
![Page 29: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/29.jpg)
Basic - devices whose lack of availability would cause minor disruption
M edium – devices whose lack of availability would have limited impact on an individual or organisation
H igh – devices whose lack of availability would have significant impact to an individual or organisation, or impacts many individuals
Security O bjectives - Availability
29 IoTSF Conference 2018 4-Dec-18
![Page 30: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/30.jpg)
Compliance Class The requirements in the Framework are classified as follows: Class 0: where compromise to the data generated or loss of control is likely to result in
little discernible impact on an individual or organisation.
Class 1: where compromise to the data generated or loss of control is likely to result in no more than limited impact on an individual or organisation.
Class 2: in addition to class 1, the device is designed to resist attacks on availability that would have significant impact on an individual or organisation, or impact many individuals. For example by limiting operations of an infrastructure to which it is connected.
Class 3: in addition to class 2, the device is designed to protect sensitive data including sensitive personal data.
Class 4: in addition to class 3, where compromise to the data generated or loss of control have the potential to affect critical infrastructure or cause personal injury.
IoTSF Conference 2018 30 4-Dec-18
![Page 31: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/31.jpg)
Compliance Class : Security Objectives
IoTSF Conference 2018 31
Compliance Class Security Objective Confidentiality Integrity Availability
Class 0 Basic Basic Basic Class 1 Basic Medium Medium Class 2 Medium Medium High Class 3 High Medium High Class 4 High High High
4-Dec-18
![Page 32: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/32.jpg)
IoTSF Compliance Framework – Assessment
IoTSF Conference 2018 32 4-Dec-18
![Page 33: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/33.jpg)
IoTSF Compliance Framework – Next Steps
1. W hen a new IoT product is conceived, as part of the business planning, conduct a top level risk assessment to scope the threats, impacts, and mitigations.
2. Ask the IoTSF for advice.
IoTSF Conference 2018 33 4-Dec-18
![Page 34: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/34.jpg)
34
How to use the Best Pract ice Guides
Engaging with IoT Security Best Practices Jeff Day BT
IoTSF Conference 2018 4-Dec-18
![Page 35: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/35.jpg)
IoTSF Conference 2018 35 4-Dec-18
![Page 36: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/36.jpg)
Key Areas to Secure
Understand the Data Physically secure the installation Secure all the software M anage who gets on the system Connect to the network securely Implement & manage s/ w updates K eep track of what’s happening on the system
IoTSF Conference 2018 36 4-Dec-18
![Page 37: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/37.jpg)
Key Areas to Secure <-> BPGs
IoTSF Conference 2018 37
Key Areas to Secure Best Practice Guide Understand the Data A: Classification of Data Physically secure the installation B: Physical Security
Secure all the software C: Device Secure Boot D: Secure Operating System E: Application Security
Manage who gets on the system F: Credential Management G: Encryption Connect to the network securely H: Network Connections
Implement & manage s/w updates J: Securing Software Updates L: Software Update Policy
Keep track of what’s happening on the system
K: Logging
4-Dec-18
![Page 38: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/38.jpg)
IoTSF Conference 2018 38
A - Classification of Data B - Physical Security C - Device Secure Boot D - Secure Operating System E - Application Security F - Credential Management G - Encryption H - Network Connections J - Securing Software Updates K - Logging L - Software Update Policy
4-Dec-18
![Page 39: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/39.jpg)
IoTSF Conference 2018 39
Example BPG
4-Dec-18
![Page 40: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/40.jpg)
IoTSF Conference 2018 40
Example BPG:
Logging (Upper half)
4-Dec-18
![Page 41: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/41.jpg)
IoTSF Conference 2018 41
Example BPG:
Logging (Lower half)
4-Dec-18
![Page 42: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/42.jpg)
References from the Compliance Framework
IoTSF Conference 2018 42
“This section’s intended audience is those personnel who are responsible for hardware and mechanical quality. Guidance is available from the IoTSF [Ref 44] regarding Physical Security (part B) Secure Boot (part C), Secure Operating Systems (part D).”
Examples:
“This section’s intended audience is for those personnel who are responsible for device application quality e.g. Software Architects, Product Owners, and Release Managers. Guidance is available from the IoTSF [Ref44] regarding Secure Operating Systems (part D), Credential Management (Part F), and Software Updates (part J).”
“This section’s intended audience is for those personnel who are responsible for device security. Guidance is available from the IoTSF [Ref44] regarding Credential Management (Part F), and Network Connections (part H).”
4-Dec-18
![Page 43: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/43.jpg)
DCMS Code of Practice <-> BPG M apping
IoTSF Conference 2018 43 4-Dec-18
![Page 44: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/44.jpg)
IoTSF Conference 2018 44
Contents DCMS <-> BPG Mapping Executive Summary A - Classification of Data B - Physical Security C - Device Secure Boot D - Secure Operating System E - Application Security F - Credential Management G - Encryption H - Network Connections J - Securing Software Updates K - Logging L - Software Update Policy
Available on IoT Security Foundation web site
https://iotsecurityfoundation.org
Best Practice Guides
More Guides and Articles coming in 2019!
4-Dec-18
![Page 45: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/45.jpg)
45
How to use the Vulnerability Disclosure Guide Engaging with IoT Security Best Practices Richard M arshall IoTSF Plenary Chair
IoTSF Conference 2018 4-Dec-18
![Page 46: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/46.jpg)
Vulnerability Disclosure
46
RELEASE 1.0
IoTSF Conference 2018 4-Dec-18
![Page 47: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/47.jpg)
Post Product Launch
Is a V ulnerability Disclosure policy and process in place?
Can you respond before your Company makes the…
47 IoTSF Conference 2018 4-Dec-18
![Page 48: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/48.jpg)
Headlines…
48 IoTSF Conference 2018 4-Dec-18
![Page 49: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/49.jpg)
How common? 331 Consumer Product Companies reviewed for a V ulnerability Disclosure policy…
– 90.3% did not have a publically declared policy
– O nly 9.7% had a policy available for research contact
https:/ / www.iotsecurityfoundation.org/ wp-content/ uploads/2018/ 11/ V ulnerability-Disclosure-Design-v4.pdf
49 IoTSF Conference 2018 4-Dec-18
![Page 50: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/50.jpg)
Regional Differences Regional breakdown:
– Asia 12.2% – N orth America 12.2% – Europe 4.9%
https:/ / www.iotsecurityfoundation.org/ wp-content/ uploads/2018/ 11/ V ulnerability-Disclosure-Design-v4.pdf
50 IoTSF Conference 2018 4-Dec-18
![Page 51: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/51.jpg)
Post Product Launch
Is a V ulnerability Disclosure policy and process in place?
Can you respond before your Company makes the…
51 IoTSF Conference 2018 4-Dec-18
![Page 52: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/52.jpg)
Key Areas
Point of contact M ethods of contact Communications Resolving conflict Speed of response Acknowledgement and reward
52 IoTSF Conference 2018 4-Dec-18
![Page 53: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/53.jpg)
Point of contact
53 IoTSF Conference 2018 4-Dec-18
![Page 54: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/54.jpg)
Methods of contact
54 IoTSF Conference 2018 4-Dec-18
![Page 55: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/55.jpg)
Communications
55 IoTSF Conference 2018 4-Dec-18
![Page 56: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/56.jpg)
Resolving Conflict
56 IoTSF Conference 2018 4-Dec-18
![Page 57: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/57.jpg)
Speed of response
57 IoTSF Conference 2018 4-Dec-18
![Page 58: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/58.jpg)
Acknowledgement and reward
58 IoTSF Conference 2018 4-Dec-18
![Page 59: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/59.jpg)
Key Takeaways
Implement a V ulnerability Policy Executive backing and awareness is
essential Assign responsibilities for the
communication and response roles
59 IoTSF Conference 2018 4-Dec-18
![Page 60: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/60.jpg)
60
Smart Buildings act ivit ies
Engaging with IoT Security Best Practices James W illison & Sarb Sembhi Unified Security and V irtually Informed
IoTSF Conference 2018 4-Dec-18
![Page 61: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/61.jpg)
– Enterprise – Consumer – Others…
Smart Buildings
61 IoTSF Conference 2018 4-Dec-18
![Page 62: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/62.jpg)
Goal of Working Group The goal of this W orking Group is to establish a
comprehensive set of guidelines to help each of the supply chain participants to specify, procure, install, integrate, operate and maintain IoT securely in buildings.
This includes intelligent buildings equipment and controls such as CCTV , audio visual (AV ), fire, H V AC, lighting and building security e.g. access control & biometric systems.
62 IoTSF Conference 2018 4-Dec-18
![Page 63: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/63.jpg)
How we got here
M eeting with Paul Dorey in M arch Agreed approach M eet with Jenny Devoy & team at InfoSecurity in June Launched September W orkshop at IFSEC in June Participated in IoT SF Plenary session in July Agreed invitee target list Invited participants for workshop
63 IoTSF Conference 2018 4-Dec-18
![Page 64: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/64.jpg)
IoT Security, Privacy and Surveillance: IFSEC 2018 : Launch of IoTSF Smart Buildings workshop
Video of panel discussion with Paul Dorey, Sarb Sembhi, James Willison (IoTSF Smart Buildings Group), Steven Kenny (AXIS Communications) and Mike Hurst (ASIS UK) due out w/c 09/07/18. https://www.ifsecglobal.com
IoTSF Conference 2018 64 4-Dec-18
![Page 65: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/65.jpg)
Promoted on Social Media and IoTSF website
• IoTSF blog and news announcing the workshop.
• This was posted on Linkedin and reshared by Sarb : total views : 1053
• Personal invites to contacts in the target audience.
• How can IoTSF plenary help spread the message and invite others?
IoTSF Conference 2018 65 4-Dec-18
![Page 66: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/66.jpg)
IFSEC 2018 : June 21st
The Converged Security Centre: Protecting IoT in real time.
IoTSF Conference 2018 66 4-Dec-18
![Page 67: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/67.jpg)
67
SMART BUILDINGS CYBER SECURITY WORKSHOP M onday 17 Sept 2018: 1230 – 1645: IB IS H otel Earls Court.
John M oor, M anaging Director, IoTSF Paul Dorey, Chair, IoTSF Jenny Devoy, H ead of M embership Development, IoTSF Sarb Sembhi & James W illison, IoTSF Smart Buildings W orking Group V ice chairs. Delegates: 23 senior representatives from End Users, Facilities M anagers, Designers, M anufacturers, Integrators, Auditors, Installers and IoT Specialists/ Researchers.
IoTSF Conference 2018 4-Dec-18
![Page 68: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/68.jpg)
Follow up call: 8th O ctober 2018
Follow-up call (8th O ctober). 15 people on the call. W e agreed the following four sub-groups to be set up, and for any interested people to indicate which one (or more of the four) groups they would like to be involved in. The Groups are: Strategic Awareness Research Guidance
The first two will be supported by Sarb Sembhi, and the last two will be supported by James W illison. W e will identify up to four sub chairs and look for a Chair.
68 IoTSF Conference 2018 4-Dec-18
![Page 69: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/69.jpg)
Four sub groups
69
Awareness What is a smart building? Awareness Simple "Awareness training course" for all Awareness Attack surface of Smart Buildings Awareness Make buildings people-proof Awareness Gaining buy-in Awareness / Guidance Create use cases
Strategic Language / definitions
Strategic Stakeholders
Strategic What do we want to achieve in stakeholder conversations?
Strategic Assurance - Certification
Strategic Roadmap Risk management journey
Strategic Liaising with other professional bodies
IoTSF Conference 2018 4-Dec-18
![Page 70: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/70.jpg)
Sub groups (cont.) Research - academic Current academic research
Research - knowledge Current standards
Research - knowledge Current Guidance
Standard Integration with other Standards and Frameworks
70
Guidance Create a body of knowledge
Guidance Reference architecture
Guidance Common reference framework
Guidance Security of key devices (mini-systems)
Guidance/maturity model Contractual requirements
IoTSF Conference 2018 4-Dec-18
![Page 71: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/71.jpg)
Next steps
Sub-Group calls on the 11th December Draw up list of projects Provide guidance on Framework specific to
Smart Buildings Provide some quick wins for Q 1 Finalise deliverables for 2019
71 IoTSF Conference 2018 4-Dec-18
![Page 72: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/72.jpg)
72
Architecture Whitepapers
Engaging with IoT Security Best Practices Richard M arshall IoTSF Plenary Chair
IoTSF Conference 2018 4-Dec-18
![Page 73: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/73.jpg)
Architecture Whitepapers
73 IoTSF Conference 2018
Health care
4-Dec-18
![Page 74: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/74.jpg)
Enterprise
74 IoTSF Conference 2018 4-Dec-18
Intended audience: – CxO s and IoT purchasers – IT departments – Developers – O EM Product M anagement
![Page 75: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/75.jpg)
Enterprise
75 IoTSF Conference 2018 4-Dec-18
Intent: – Simplifying implementation options – Illustrate what a good security regime
looks like – Show the benefits of a hub-based
approach
![Page 76: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/76.jpg)
Home
76 IoTSF Conference 2018 4-Dec-18
Intended audience: – IoT Service Providers – Developers – O EM Product M anagement
![Page 77: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/77.jpg)
Home
77 IoTSF Conference 2018 4-Dec-18
Intent: – Simplifying implementation options – Illustrate what a good home security
regime looks like – Demonstrate how to support IoT with
minimal reliance on users – Show the benefits of a hub-based
approach – Foster growth by making security part
of the purchasing process
![Page 78: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/78.jpg)
78
Future Act ivit ies
Engaging with IoT Security Best Practices Richard M arshall IoTSF Plenary Chair
IoTSF Conference 2018 4-Dec-18
![Page 79: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/79.jpg)
Conformance Create ‘certifications’ derived from the IoT Compliance Framework
– fit within a recognised framework / standard (Eu/ ISO / IEC etc)
First goal: M V P - Satisfy DCM S Consumer Code of Practice – Determine the Conformity Assessment System
• “rules, procedures and management for carrying out conformity assessment”
– Determine the Conformity Assessment Scheme for consumer
M ore schemes may follow if successful – E.g. Industrial products
IoTSF Conference 2018 79 4-Dec-18
![Page 80: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/80.jpg)
Conformity Document Map
4-Dec-18 IoTSF Conference 2018 80
CIA
Conformity Assessment Process
Consumer Management
Context & Risk
Factors
Compliance Framework
Enterprise Management
Context & Risk
Factors
CIA CIA
Smart Buildings
Management Context
& Risk Factors
Healthcare Management
Context & Risk
Factors
CIA
![Page 81: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/81.jpg)
Conformity Assessment The official definition is: “Demonstration that specified requirements
relating to a product, process, system, person or body are fulfilled” (definition in EN ISO / IEC 17000:2004 Conformity assessment – V ocabulary and general principles).
http:/ / www.european-accreditation.org/ what-is-accreditation#3
81 4-Dec-18 IoTSF Conference 2018
![Page 82: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/82.jpg)
Conformance Assessment Process
4-Dec-18 IoTSF Conference 2018 82
Compliance Framework
Test And
Conformance Process
CIA Context and
Risk Factors Compliance Framework Assessment
![Page 83: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/83.jpg)
Accreditation entity/ schemes Accreditation is a third-party evaluation and demonstration of
competence. It is the assessment of independence, objectivity and competence of an entity for the performance of defined activities.
Accreditation is a public authority activity. It is the last level of public authority control. The purpose of accreditation is to provide an authoritative statement of the competence of a body to perform conformity assessment activities.
http:/ / www.european-accreditation.org/ what-is-accreditation#1
IoTSF Conference 2018 83 4-Dec-18
![Page 84: Engaging with IoT Security Best Practices...IoTSF Compliance Framework V2.0 Overview Agenda Introduction W hat’s New How to use the Framework Next Steps 4-Dec-18 IoTSF Conference](https://reader033.fdocuments.us/reader033/viewer/2022050210/5f5ccd65dea5fb3f5f277b96/html5/thumbnails/84.jpg)
Thank You!
84 IoTSF Conference 2018
https:/ / iotsecurityfoundation.org/
4-Dec-18