Re: [Iotops] Brendan Slide 4 --- Path Forward

Brendan Moran <> Fri, 31 March 2023 03:37 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id EDA43C14CE40 for <>; Thu, 30 Mar 2023 20:37:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -7.094
X-Spam-Status: No, score=-7.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id hXDscFEOX0Vj for <>; Thu, 30 Mar 2023 20:37:28 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4864:20::52f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by (Postfix) with ESMTPS id 6381EC151707 for <>; Thu, 30 Mar 2023 20:37:28 -0700 (PDT)
Received: by with SMTP id ew6so84533403edb.7 for <>; Thu, 30 Mar 2023 20:37:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20210112; t=1680233846; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=O0mD2t2zEXbDaUnd6oWFFJ2Z67QmsBd8Pz4JNPR8UC0=; b=lU42zF1c060uXnxbp19QpiT3F8y13sBvFZqSP82cfQ3iOKWBJ4gy9bo2wx2POPf7np MjUcEWM0kWVBhlsxmQw4lhbo/DKN4D0xv6oq5hbOvaJL+0rXphXqkOQWeEf90Lk8U2gc fdLy1VQtlClMu5cCXH/TpBD0f/m+4g0HNS4y25Og5wTgxUPx9LPp0vf8Z/JTzNUV8FYi IhANHwqhszWXliN23UZlkJSPOSeH7Lf3RW9G7MqluHS782sTm64gkxDDYEGsAPhSL9dP NDo6/QeL2BBI6hRZsNPMOXDPFNsQt79F40QMle+kkocVwzV5UewPM1Eyfi7Yp1PRqGSd 0OmA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20210112; t=1680233846; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=O0mD2t2zEXbDaUnd6oWFFJ2Z67QmsBd8Pz4JNPR8UC0=; b=ESwNrE7S424eEcilIVqdfVelSX+86A7Ek3tpx3IRukMhRxysA+X1GcZO5X7rrbezrR Y8N8jzFon0bIRgQrJGJfQnUZBMBXPSNqkMK2f+z/v7VWdio29Y+WmbaTVriMtzscW0hq LyivB5b1PHgylxRWgpysDqnNFxMvNDmLzajiGfja3LwhEi1shlcWpvqXxLZPt4icLbCI t79pEouHpJuGvtLdVEL6JJVQscqg1Q3D0MGLiDyFthyLFzYPyc/EULWLXShwDr7PeeoB R1GaiLo352vMhu1r5o47s25Ru7K/TeaKzEd6CgKDk1U2AQjPiEySe9mduYTy2+jLg2kc UPvA==
X-Gm-Message-State: AAQBX9fh4HZSfffQKG0DNcoPX7A2qhuzbAIoKgKlpxdHTvQBsIIWd1a+ 2SSwEPdXwPR1R/n4OQYUZ6jXNKw2O6ViGbF/mg9YJyJ6o05VB/Oz
X-Google-Smtp-Source: AKy350YbyORzgomG6hzj/wNjMKmMNTvUyIJQqoMWj1y50Gp8soIbhXnadOiCzga94wH6E8ERQ2xshBq7Wi3fy1A292U=
X-Received: by 2002:a17:906:f18b:b0:931:ecdc:14dd with SMTP id gs11-20020a170906f18b00b00931ecdc14ddmr12855300ejb.4.1680233845995; Thu, 30 Mar 2023 20:37:25 -0700 (PDT)
MIME-Version: 1.0
References: <27514.1680232825@localhost> <28178.1680232915@localhost>
In-Reply-To: <28178.1680232915@localhost>
From: Brendan Moran <>
Date: Thu, 30 Mar 2023 22:37:14 -0500
Message-ID: <>
To: Michael Richardson <>
Content-Type: multipart/alternative; boundary="00000000000087ba0e05f829ed8b"
Archived-At: <>
Subject: Re: [Iotops] Brendan Slide 4 --- Path Forward
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IOT Operations <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 31 Mar 2023 03:37:33 -0000

I agree, we should be surprised if there's anything that deviates from what
we already have; I think we're in pretty good shape overall. For the sake
of completeness, I'm going to shamelessly copy NIST's reference table,
because it's quite thorough.

Hopefully this clarifies things.


AGELIGHT: AgeLight Digital Trust Advisory Group, “IoT Safety Architecture &
Risk Toolkit (IoTSA) v3.1” []
BITAG: Broadband Internet Technical Advisory Group (BITAG), “Internet of
Things (IoT) Security and Privacy Recommendations” [
CSA: Cloud Security Alliance (CSA) IoT Working Group, “Identity and Access
Management for the Internet of Things” [
CSDE: Council to Secure the Digital Economy (CSDE), “The C2 Consensus on
IoT Device Security Baseline Capabilities” [
CTIA: CTIA, “CTIA Cybersecurity Certification Test Plan for IoT Devices,
Version 1.0.1” []
ENISA: European Union Agency for Network and Information Security (ENISA),
“Baseline Security Recommendations for IoT in the context of Critical
Information Infrastructures” [
ETSI: European Telecommunications Standards Institute (ETSI), “Cyber
Security for Consumer Internet of Things” [
GSMA: Groupe Spéciale Mobile Association (GSMA), “GSMA IoT Security
Assessment” []
IEC: International Electrotechnical Commission (IEC), “IEC 62443-4-2,
Edition 1.0, Security for industrial automation and control systems – Part
4-2: Technical security requirements for IACS components” []
IIC: Industrial Internet Consortium (IIC), “Industrial Internet of Things
Volume G4: Security Framework” []
IoTSF: IoT Security Foundation (IoTSF), “IoT Security Compliance Framework,
Release 2” []
ISOC/OTA: Internet Society/Online Trust Alliance (OTA), “IoT Security &
Privacy Trust Framework v2.5” [
NEMA: National Electrical Manufacturers Association (NEMA), “Cyber Hygiene
Best Practices” []
OCF: Open Connectivity Foundation (OCF) “OCF Security Specification Version
2.1.2” []
PSA: Platform Security Architecture (PSA) Joint Stakeholder Agreement (JSA)
Members, “PSA CertifiedTM Level I Questionnaire, Version 2.0 Beta” []

On Thu, Mar 30, 2023 at 10:22 PM Michael Richardson <>
> Michael Richardson <> wrote:
>     > For IoTSF, you won't find anything new, as it mostly refers to ETSI
>     > IEC documents.  For IEC maybe you are referring to
>     >
> We'll have to do some kind of liason dance to get uniform access to this.
> --
> Michael Richardson <>   . o O ( IPv6 IøT consulting )
>            Sandelman Software Works Inc, Ottawa and Worldwide
> --
> Iotops mailing list