Industrial Internet Consortium updates IoT security maturity model

The Industrial Internet Consortium (IIC) announced updates to its IoT Security Maturity Model (SMM) Practitioner’s Guide and associated Description and Intended Use white paper.

The Security Maturity Model defines levels of security maturity for a company based on its security goals and objectives as well as its appetite for risk. This enables decision makers to appropriately invest to meet their specific security requirements.

The white paper is an introduction to Security Maturity Model concepts and the Practitioner’s Guide provides detailed, actionable guidance IoT stakeholders can use to assess and manage the security maturity of their IoT systems.

“The Security Maturity Model gives organizations an informed understanding of the security practices and mechanisms applicable to their industry and scope of their IoT solution,” said Frederick Hirsch, SMM Co-Author and Chair of the IIC Trustworthiness Task Group. “We’ve improved the clarity and usefulness of the Practitioner’s Guide by adding new guidance to the numerous practice tables, clarifying scoring and the case studies, and more – without changing the underlying model. The improvements are based on experience and feedback, including from training sessions. We’ve updated the white paper correspondingly.”

Version 1.2 of the white paper and guide are aligned with the IoT SMM: Retail Profile for Point-of-Sale Devices (also announced today), targeted specifically for the retail industry. The IIC is collaborating with industry groups to develop additional industry profiles (beyond the retail profile) to extend the model further.

The IIC IoT SMM Practitioner’s Guide v1.2, Description and Intended Use White Paper v1.2 and a list of authors who contributed to them can be found on the IIC website.