OWASP IoT Security Verification Standard (ISVS)

The OWASP ISVS provides comprehensive security requirements for Internet of Things (IoT) ecosystems and their components.

Get Started View on GitHub


⚠️ Release Candidate β€” 1.0.0-RC2. This documentation is a release candidate under community review and may change before the final release. It is not yet a finalized standard. Please review the content and share feedback via GitHub Discussions.


Version 1.0 - Official Release

This is the official 1.0 release of the OWASP ISVS, providing 156 security requirements across five verification categories.

Download the Standard

πŸ“„ PDF Β· πŸ“± EPUB Β· πŸ“ DOCX Β· πŸ“Š CSV Β· πŸ”§ JSON Β· 🌐 XML


About ISVS

The OWASP ISVS is a community-driven standard for IoT security verification. It provides requirements for:

  • 🏒 IoT Ecosystem Design - Security architecture and development processes
  • πŸ‘€ User Space Applications - Authentication, authorization, and data protection
  • πŸ’» Software Platforms - Bootloaders, OS configuration, and software updates
  • πŸ“‘ Communication - Network protocols including Bluetooth, WiFi, Zigbee, LoRaWAN
  • πŸ”§ Hardware Platforms - Physical security and hardware design

Three Security Levels

  • Level 1: Software-only attacks, baseline security
  • Level 2: Hardware-involved attacks, sensitive data protection
  • Level 3: Critical systems, defense-in-depth, anti-tampering

Documentation

πŸ“– Getting Started

πŸ” Security Requirements

🀝 Get Involved


Project Leaders


License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

CC BY-SA 4.0