The CIS Controls Internet of Things (IoT) Companion Guide provides detailed guidance on how to apply the cybersecurity best practices of the CIS Controls, particularly Version 8.1, to IoT environments. The guide addresses the unique security challenges posed by IoT devices, which often include smart speakers, security cameras, door locks, sensors, and wearables that may be integrated into business IT networks sometimes without proper authorization. It emphasizes the importance of managing authentication credentials, encrypting network traffic, and ensuring devices can receive software updates, highlighting that these security features should be evaluated before purchasing IoT devices. The guide also recommends practices such as maintaining an accurate inventory of IoT assets, segregating IoT networks, implementing boundary defense mechanisms, and protecting data both in transit and at rest to mitigate risks associated with IoT deployments. Ultimately, the companion guide aims to help organizations securely manage the increasing presence and complexity of IoT devices in enterprise and organizational settings by applying consensus-developed, vendor-neutral best practices aligned with established security frameworks.
Publication's URL
https://www.cisecurity.org/insights/white-papers/the-cis-controls-internet-of-things-companion-guideAdditional documents on this topic
- NIST IR 8349 Methodology for Characterizing Network Behavior of Internet of Things Devices
- NIST SP 800-82 Rev. 3 Guide to Operational Technology (OT) Security
- CIS Controls Cloud Companion Guide v8
- CISA Principles for the Secure Integration of Artificial Intelligence in Operational Technology
- NIST SP 800-88 Rev. 2 Guidelines for Media Sanitization