Our Member Working Groups: Driving IoT Security Forward

At the heart of the IoT Security Foundation’s mission are our dedicated Member Working Groups (WGs). These collaborative groups are instrumental in shaping the future of IoT security, driven by the expertise and passion of our members and guided by the Executive Steering Board (ESB). Our WGs are where collective knowledge transforms into actionable insights, best practices, and impactful contributions to the global IoT ecosystem.

While these WGs represent a significant part of our efforts, the IoT Security Foundation’s interest spans across all applications of connected technology, reflecting our commitment to comprehensive security in an increasingly interconnected world.

You can find public outputs from our working groups on the publications page

Members can access the WG’s from our members platform here.

Current Working Groups

Regulatory Watch

The Regulatory Watch WG plays a critical role in navigating the evolving landscape of IoT security. Its core functions include:

  • Monitoring global standards and regulatory developments.
  • Producing essential briefing documents to keep members informed.
  • Providing expert feedback and advice on industry consultations, calls for views, and public inquiries from governments and standards bodies worldwide.

IoT Security Assurance Framework (SAF)

The IoT Security Assurance Framework WG is dedicated to empowering manufacturers, developers, and IoT system operators with the tools to provision and maintain robust security mechanisms in their products and services. Its primary output is the IoT Security Assurance Framework (SAF), a globally recognized resource.

Key aspects of the Framework include:

  • Regular Maintenance: The Framework is continuously updated to remain current with emerging threats and technologies.
  • Future-Proof Mapping: It can be mapped to all existing and known future standards and regulations, offering users a reliable method to stay abreast of evolving requirements while satisfying present-day demands.

Downloaded over 15,000 times globally as of mid-2024, the IoT Security Framework demonstrates its widespread utility and impact. You can access it directly at https://af.iotsf.org.

NOTE: The IoT Security Compliance Framework was renamed The IoT Security Assurance Framework from Release 3.0 (November 2021). The Security Assurance Framework is a maintained document and is 100% compatible with previous versions of the IoT Security Compliance Framework.

IoT Security Best Practices

The IoT Security Best Practices WG focuses on developing and promoting practical security guidelines. This group aims to provide clear, actionable advice for securing IoT devices and systems, helping organizations implement effective security measures throughout the product lifecycle.

See our Secure Design Best Practice Guides here

Supply Chain Integrity

The Supply Chain Integrity WG addresses the complex challenges of securing the IoT supply chain. This group works to identify vulnerabilities and develop strategies to ensure the integrity and trustworthiness of components and software throughout their journey from manufacturer to end-user.

See our paper on Suppy Chain Integrity here

We also think the Software Bill of Materials is important (see our paper here) and how that can be extended into AI systems integrity (see the Trustable AI Bill of Materials here).

Device Identities

The Device Identities WG explores the foundational role of strong device identities in building trust and enhancing security across IoT ecosystems. Their work contributes to understanding how unique, verifiable identities can bolster the overall security posture of connected devices. More information can be found on their dedicated landing page: https://iotsecurityfoundation.org/deviceid-wg/.

Smart Built Environment

The Smart Built Environment WG is dedicated to managing IoT security within buildings, infrastructure, and cities. This group provides crucial guidance and advice tailored for professionals who need to understand IoT security in the context of smart environments, even if their primary role is not security-focused.

Router Security and ManySecured

The ManySecured WG focuses on router security and security by design, recognizing the critical role that network hubs play in overall IoT security. As a frequent target for attackers, the router also presents an ideal opportunity to provision security for the network and all attached devices. This group’s efforts are central to enhancing the security of these essential components. Learn more at https://manysecured.net.

See our paper Router and IoT Vulnerabilities: Insecure by Design paper here

More on router security specs here