18 security requirement categories to protect the IoT supply chain

February 15, 2024 | News

To secure IoT, security needs to be considered at all stages of the supply chain – design phase, implementation phase, distribution phase, deployment phase, operational phase, upgrading phase, and decommissioning phase.

We have identified, analysed, and selected 174 requirements from a number of guidelines, best practices, standards, regulations, and other sources. These requirements were grouped under the following 18 IoT domain-agnostic security requirement categories:

  1. Use strong passwords
  2. Keep device updated
  3. Securely store sensitive security parameters
  4. Communicate securely
  5. Minimize exposed attack surfaces
  6. Ensure software integrity
  7. Ensure that personal data is secure
  8. Make systems resilient
  9. Examine and protect system telemetry data
  10. Have data protection provisions in place
  11. Make installation, configuration and maintenance of devices easy and secure
  12. Validate input data
  13. Use robust cryptography
  14. Manufacturer obligations – Procedures & Policies
  15. Manufacturer obligations – Documentation
  16. Manufacturer obligations – Maintenance
  17. Manufacturer obligations – Adoption of Secure Software Development Lifecycle
  18. Device identification and access management

To learn more, download the deliverable “D2.1 – IoT supply chain security requirements” where you can find all the requirements outlined in detail!
