Cloud Security Alliance Debuts Internet of Things (IoT) Controls Framework and Accompanying Guide

Framework introduces base-level security controls required to
mitigate numerous risks associated with IoT systems

SAN FRANCISCO–(BUSINESS WIRE)–lt;a href=”” target=”_blank”gt;#IoTlt;/agt;–RSA CONFERENCE 2019 – The Cloud
Security Alliance
(CSA), the world’s leading organization dedicated
to defining and raising awareness of best practices to help ensure a
secure cloud computing environment, today announced the release of the CSA
IoT Controls Framework
, its first such framework for IoT which
introduces the base-level security controls required to mitigate many of
the risks associated with an IoT system operating in a range of threat
environments. Created by the CSA IoT Working Group, the new Framework
together with its companion piece, the Guide
to the CSA Internet of Things (IoT) Controls Framework
, provide
organizations with the context in which to evaluate and implement an
enterprise IoT system that incorporates multiple types of connected
devices, cloud services, and networking technologies.

With the implementation of increasingly complex IoT systems—defined by
the European Union Agency for Network and Information Security as
“cyber-physical ecosystem[s] of interconnected sensors and actuators,
which enables intelligent decision making”—organizations need clear
guidance to identify appropriate security controls and allocate them to
specific components within their system. These components include but
are not limited to simple sensors, simple actuators, edge devices, fog
computing, mobile device/application, on-premise intermediary device,
cloud gateway, and cloud app/service.

“This has been quite an intense and involved effort and we are excited
to offer the IoT Controls Framework as a resource for designers and
developers, who are tasked with creating secure IoT systems and other
evaluators of IoT systems. Designers and developers can use this tool to
continually evaluate the security of their implementation as they
progress through the development life cycle. The tool offers a holistic
evaluation of an IoT system to ensure it meets industry-specified best
practices,” said Brian Russell, chair of the CSA Internet of Things
Working Group.

Utilizing the Framework, user owners will assign system classification
based on the value of the data being stored and processed and the
potential impact of various types of physical security threats.
Regardless of the value assigned, the Framework has utility across
numerous IoT domains from systems processing only “low-value” data with
limited impact potential, to highly sensitive systems that support
critical services.

The CSA IoT Working Group develops frameworks, processes and best-known
methods for securing these connected systems. Further, it addresses
topics including data privacy, fog computing, smart cities and more.
Individuals interested in becoming involved in future IoT research and
initiatives are invited to visit the Internet
of Things Working Group join page

Both the Framework
and Companion
are free, downloadable resources. Visit the CSA in Booth 1535
Moscone South to learn more.

About Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization
dedicated to defining and raising awareness of best practices to help
ensure a secure cloud computing environment. CSA harnesses the subject
matter expertise of industry practitioners, associations, governments,
and its corporate and individual members to offer cloud
security-specific research, education, certification, events and
products. CSA’s activities, knowledge and extensive network benefit the
entire community impacted by cloud — from providers and customers, to
governments, entrepreneurs and the assurance industry — and
provide a forum through which diverse parties can work together to
create and maintain a trusted cloud ecosystem. For further information,
visit us at,
and follow us on Twitter @cloudsa.


Kari Walker for the CSA
ZAG Communications
[email protected]

error: Content is protected !!