The IoT Security Foundation set up by the UK’s NMI organization has published the first set of documents intended to provide best-practice guidelines for developers of embedded systems.
Among the batch of three documents, which will be updated in a similar manner to software releases, is a security compliance framework.
John Moor, managing director of the IoTSF, said at the launch at the organisations annual conference in London: “The framework provides a structured checklist for organizations to use. It was born out of our interest to provide a self-certification process that is both free and actionable. We decided early on that a framework should be released in a timely manner and updated over time.”
Working groups within the IoTSF have published their reports, with one on practices for vulnerability disclosure and another on best practice for implementing connected consumer products.
“We have been promoting the concept of the supply chain of trust. We have produced a best-practice user mark. It can be freely used by anyone who has adopted our best practice guidelines. All we ask is that you follow and meet our guidelines or preferably exceed them,” said Moor.