scope:

Context for the present document

The design, development and deployment of - potentially large - IoT systems require to address a number of topics - such as security, interoperability or privacy - that are related and should be treated in a concerted manner. In this context, several Technical Reports have been developed that each address a specific facet of IoT systems.

In order to provide a global and coherent view of all the topics addressed, a common approach has been outlined across the Technical Reports concerned with the objective to ensure that the requirements and specificities of the IoT systems are properly addressed and that the overall results are coherent and complementary.

The present document has been built with this common approach also applied in all of the other documents listed below (the present document is highlighted in italic script in the list):

ETSI TR 103 533 (the present document)

ETSI TR 103 534-1 [i.43]

ETSI TR 103 535 [i.45]

ETSI TR 103 536 [i.46]

ETSI TR 103 537 [i.47]

ETSI TR 103 591 [i.2]

Scope of the present document

The present document provides an overview of the Standards Landscape and best practices for the application of security technology to the IoT.

Existing work in mapping the landscape of security standards and best practices has been published by ETSI in both formal ETSI publications and in the review of security activity presented in the annual white paper, by ENISA through the IoT Security Expert Group (in [i.3] and [i.4]), and others but have often not addressed the particularities of IoT for the general case. In this regard the present document builds on the content of ETSI TR 103 306 [i.1] which addresses IT Security in general with a specific view to the IoT and extends and builds on the previously published work in the field.

The present document is structured as follows:

• Clause 5 provides a simplified security model of IoT.

• Clause 6 presents an introduction to the security purposes of IoT as a specialization of the generic cybersecurity domain and introduces some of the paradigms used in security analysis, design, and implementation.

• Clause 7 presents an overview of the regulatory domain as it impacts IoT security.

• Clause 8 presents an overview of the security ecosystem and identifies the stakeholders in standards development and development of best practices.

• Clause 9 presents a review of the security best practices and development guidance arising from the stakeholders identified in clause 4.

• Clause 10 presents an overview of the specific technologies of security that may apply to IoT.

• Clause 11 provides a summary of the findings of the present document.

• Annex A collates a set of best practice guidelines for non-consumer IoT.

The present document complements the overview of the Standards Landscape and best practice for privacy to be found in ETSI TR 103 591 [i.2].