Cybersecurity Principles of IoT v1.0
For our purposes here, we will consider a “device” as being any standalone embedded system that has integrated wired or wireless communication capabilities.
An end-to-end solution is designed, developed, operated and managed per industry-best-practice security and privacy guidelines.
A device has a rating established and identified by its manufacturer using the Device Security Rating System (DSRS) or similar.
Secure SDLC best practices and supporting tools are utilized for all software in the end-to-end solution.
Systems and applications in the end-to-end solution are validated with security vulnerability testing prior to production release.
To remain in operation, a deployed and functional device has a known and identifiable owner.
To remain in operation, a deployed and functional device always has a known and identifiable operator/maintainer.
A device is clearly marked with the short link of its corresponding Device Security Level Agreement (DSLA).
The public vulnerability disclosure contact details are clearly identified on both the manufacturer's Device Security Level Agreement (DSLA) page and any solution web sites.
The Device Security Level Agreement (DSLA) identifies the public security or safety alerts filed for the device historically to date.
The software update support timespan and frequency are clearly identified on the manufacturer's Device Security Level Agreement (DSLA) page.
All device industry use classifications except "Consumer" provide a software update support timespan of not less than 6 years from the manufacture date.
The Device Security Level Agreement (DSLA) for a device identifies how software updates are facilitated: Direct-Physical, Remote-Network-Automatic, or Remote-Network-Manual.
The Device Security Level Agreement (DSLA) for a device identifies the firmware versioning history.
A device with inbound network services running is supported with remote-network firmware updates by the manufacturer in order to remain in an operational state.
A device without a User Interface notification system and without an owner/operator patch notification system implements Remote-Network-Automatic firmware updates.
A device with a system classification of "Gateway" implements Remote-Network-Automatic firmware updates.
A device storing personal or operationally sensitive information integrates data wipe capabilities into its design and architecture for standard use and decommissioning scenarios.
Devices supporting sensitive or safety-critical functions are designed and architected to continue safe and secure operation during communications interruption or failure.
A device is designed and architected to protect personal privacy through data collection transparency and anonymization of user activity.
A device clearly identifies the collection or processing of personally identifiable data in the Device Security Level Agreement (DSLA).
A device in active use to identify and/or track persons and their activity is overtly identified as such to the public in the device's operating environment.
A published Device Security Level Agreement (DSLA) may be updated after its initial publication, provided the change history of material modifications is recorded.