IoT Security Checklist
The Internet of Things (IoT) is a concept that refers to a distributed system consisting of a network of monitoring applications that collect information about the state of physical objects, and control applications that alter the state of objects based on the collected information and other elements. Recently, it is gaining a lot of attention and expected to spread rapidly in the years to come.
Such IoT devices are constantly connected to a network, and in many cases, numerous IoT devices of the same type which are connected to a network often make it difficult to ensure security control of individual IoT devices. Moreover, developers of IoT devices often put too much focus on creating new functions and forget to work on security design.
Also, when users build a system using IoT devices, it is important to select constituent products that provide necessary security features. If users select an inappropriate product, it could be subject to cyber attacks, preventing the system from operating as expected or enabling the system to be used as a springboard for cyber attacks against third parties.
To address these issues, JPCERT/CC is publishing an IoT security checklist covering matters to be checked by developers and users.
The checklist lists 39 essential security functions that enable IoT devices to be operated safely even in an environment where threats exist, along with background information on why they are necessary. By using this checklist to evaluate an IoT system that is under development or planned to be deployed, it is possible to determine quickly whether the functions necessary to ensure security of the IoT system are provided, and identify any matters that need further consideration.
The list is provided in a spreadsheet file so that it can be modified depending on the purpose. We hope this material is useful as an initial step to check security functions of IoT system and IoT devices being developed or considered to install.
We plan to continue revising these documents.
We welcome your opinions and feedback for improvements.
The documents have been created in cooperation with the IoT security working group of the Japan Network Security Association (JNSA) and the University of Nagasaki.
Date | Title | Excel | |
---|---|---|---|
2020-11-06 | IoT Security Checklist | 401KB | 44KB |
2020-11-06 | IoT Security Checklist User Manual | 580KB | - |
2020-11-06 | IoT Security Checklist Illustration Diagram | 3.02MB | - |