Re: [Iotops] Brendan Slide 4 --- Path Forward
Brendan Moran <brendan.moran.ietf@gmail.com> Fri, 31 March 2023 03:37 UTC
Return-Path: <brendan.moran.ietf@gmail.com>
X-Original-To: iotops@ietfa.amsl.com
Delivered-To: iotops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDA43C14CE40 for <iotops@ietfa.amsl.com>; Thu, 30 Mar 2023 20:37:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.094
X-Spam-Level:
X-Spam-Status: No, score=-7.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hXDscFEOX0Vj for <iotops@ietfa.amsl.com>; Thu, 30 Mar 2023 20:37:28 -0700 (PDT)
Received: from mail-ed1-x52f.google.com (mail-ed1-x52f.google.com [IPv6:2a00:1450:4864:20::52f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6381EC151707 for <iotops@ietf.org>; Thu, 30 Mar 2023 20:37:28 -0700 (PDT)
Received: by mail-ed1-x52f.google.com with SMTP id ew6so84533403edb.7 for <iotops@ietf.org>; Thu, 30 Mar 2023 20:37:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1680233846; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=O0mD2t2zEXbDaUnd6oWFFJ2Z67QmsBd8Pz4JNPR8UC0=; b=lU42zF1c060uXnxbp19QpiT3F8y13sBvFZqSP82cfQ3iOKWBJ4gy9bo2wx2POPf7np MjUcEWM0kWVBhlsxmQw4lhbo/DKN4D0xv6oq5hbOvaJL+0rXphXqkOQWeEf90Lk8U2gc fdLy1VQtlClMu5cCXH/TpBD0f/m+4g0HNS4y25Og5wTgxUPx9LPp0vf8Z/JTzNUV8FYi IhANHwqhszWXliN23UZlkJSPOSeH7Lf3RW9G7MqluHS782sTm64gkxDDYEGsAPhSL9dP NDo6/QeL2BBI6hRZsNPMOXDPFNsQt79F40QMle+kkocVwzV5UewPM1Eyfi7Yp1PRqGSd 0OmA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1680233846; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=O0mD2t2zEXbDaUnd6oWFFJ2Z67QmsBd8Pz4JNPR8UC0=; b=ESwNrE7S424eEcilIVqdfVelSX+86A7Ek3tpx3IRukMhRxysA+X1GcZO5X7rrbezrR Y8N8jzFon0bIRgQrJGJfQnUZBMBXPSNqkMK2f+z/v7VWdio29Y+WmbaTVriMtzscW0hq LyivB5b1PHgylxRWgpysDqnNFxMvNDmLzajiGfja3LwhEi1shlcWpvqXxLZPt4icLbCI t79pEouHpJuGvtLdVEL6JJVQscqg1Q3D0MGLiDyFthyLFzYPyc/EULWLXShwDr7PeeoB R1GaiLo352vMhu1r5o47s25Ru7K/TeaKzEd6CgKDk1U2AQjPiEySe9mduYTy2+jLg2kc UPvA==
X-Gm-Message-State: AAQBX9fh4HZSfffQKG0DNcoPX7A2qhuzbAIoKgKlpxdHTvQBsIIWd1a+ 2SSwEPdXwPR1R/n4OQYUZ6jXNKw2O6ViGbF/mg9YJyJ6o05VB/Oz
X-Google-Smtp-Source: AKy350YbyORzgomG6hzj/wNjMKmMNTvUyIJQqoMWj1y50Gp8soIbhXnadOiCzga94wH6E8ERQ2xshBq7Wi3fy1A292U=
X-Received: by 2002:a17:906:f18b:b0:931:ecdc:14dd with SMTP id gs11-20020a170906f18b00b00931ecdc14ddmr12855300ejb.4.1680233845995; Thu, 30 Mar 2023 20:37:25 -0700 (PDT)
MIME-Version: 1.0
References: <27514.1680232825@localhost> <28178.1680232915@localhost>
In-Reply-To: <28178.1680232915@localhost>
From: Brendan Moran <brendan.moran.ietf@gmail.com>
Date: Thu, 30 Mar 2023 22:37:14 -0500
Message-ID: <CAPmVn1N98bZsoXmQoJkcAMCwQWeiKgVT1yFspXjL42f3FGSDhw@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: iotops@ietf.org
Content-Type: multipart/alternative; boundary="00000000000087ba0e05f829ed8b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/iotops/__OJweA_yTYFJmVp1gWvihYY9QM>
Subject: Re: [Iotops] Brendan Slide 4 --- Path Forward
X-BeenThere: iotops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IOT Operations <iotops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/iotops>, <mailto:iotops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/iotops/>
List-Post: <mailto:iotops@ietf.org>
List-Help: <mailto:iotops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/iotops>, <mailto:iotops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Mar 2023 03:37:33 -0000
I agree, we should be surprised if there's anything that deviates from what we already have; I think we're in pretty good shape overall. For the sake of completeness, I'm going to shamelessly copy NIST's reference table, because it's quite thorough. Hopefully this clarifies things. Brendan AGELIGHT: AgeLight Digital Trust Advisory Group, “IoT Safety Architecture & Risk Toolkit (IoTSA) v3.1” [http://agelight.com/iot.html] BITAG: Broadband Internet Technical Advisory Group (BITAG), “Internet of Things (IoT) Security and Privacy Recommendations” [ https://www.bitag.org/documents/BITAG_Report_-_Internet_of_Things_(IoT)_Security_and_Privacy_Recommendations.pdf ] CSA: Cloud Security Alliance (CSA) IoT Working Group, “Identity and Access Management for the Internet of Things” [ https://cloudsecurityalliance.org/download/identity-and-access-management-for-the-iot/ ] CSDE: Council to Secure the Digital Economy (CSDE), “The C2 Consensus on IoT Device Security Baseline Capabilities” [ https://securingdigitaleconomy.org/wp-content/uploads/2019/09/CSDE_IoT-C2-Consensus-Report_FINAL.pdf ] CTIA: CTIA, “CTIA Cybersecurity Certification Test Plan for IoT Devices, Version 1.0.1” [https://www.ctia.org/about-ctia/test-plans/] ENISA: European Union Agency for Network and Information Security (ENISA), “Baseline Security Recommendations for IoT in the context of Critical Information Infrastructures” [ https://www.enisa.europa.eu/publications/baseline-security-recommendations-for-iot ] ETSI: European Telecommunications Standards Institute (ETSI), “Cyber Security for Consumer Internet of Things” [ https://www.etsi.org/deliver/etsi_ts/103600_103699/103645/01.01.01_60/ts_103645v010101p.pdf ] GSMA: Groupe Spéciale Mobile Association (GSMA), “GSMA IoT Security Assessment” [https://www.gsma.com/iot/iot-security-assessment/] IEC: International Electrotechnical Commission (IEC), “IEC 62443-4-2, Edition 1.0, Security for industrial automation and control systems – Part 4-2: Technical security requirements for IACS components” [ https://webstore.iec.ch/publication/34421] IIC: Industrial Internet Consortium (IIC), “Industrial Internet of Things Volume G4: Security Framework” [https://www.iiconsortium.org/IISF.htm] IoTSF: IoT Security Foundation (IoTSF), “IoT Security Compliance Framework, Release 2” [https://www.iotsecurityfoundation.org/best-practice-guidelines/] ISOC/OTA: Internet Society/Online Trust Alliance (OTA), “IoT Security & Privacy Trust Framework v2.5” [ https://www.internetsociety.org/resources/doc/2018/iot-trust-framework-v2-5/ ] NEMA: National Electrical Manufacturers Association (NEMA), “Cyber Hygiene Best Practices” [ https://www.nema.org/Standards/Pages/Cyber-Hygiene-Best-Practices.aspx] OCF: Open Connectivity Foundation (OCF) “OCF Security Specification Version 2.1.2” [ https://openconnectivity.org/specs/OCF_Security_Specification_v2.1.2.pdf] PSA: Platform Security Architecture (PSA) Joint Stakeholder Agreement (JSA) Members, “PSA CertifiedTM Level I Questionnaire, Version 2.0 Beta” [ https://www.psacertified.org/security-certification/psa-certified-level-1] On Thu, Mar 30, 2023 at 10:22 PM Michael Richardson <mcr+ietf@sandelman.ca> wrote: > > > Michael Richardson <mcr+ietf@sandelman.ca> wrote: > > For IoTSF, you won't find anything new, as it mostly refers to ETSI and > > IEC documents. For IEC maybe you are referring to > > https://en.wikipedia.org/wiki/IEC_62443 > > We'll have to do some kind of liason dance to get uniform access to this. > > -- > Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT consulting ) > Sandelman Software Works Inc, Ottawa and Worldwide > > > > > -- > Iotops mailing list > Iotops@ietf.org > https://www.ietf.org/mailman/listinfo/iotops
- [Iotops] Brendan Slide 4 --- Path Forward Michael Richardson
- Re: [Iotops] Brendan Slide 4 --- Path Forward Michael Richardson
- Re: [Iotops] Brendan Slide 4 --- Path Forward Brendan Moran