OWASP IoT Security Verification Standard (ISVS)
The OWASP ISVS provides comprehensive security requirements for Internet of Things (IoT) ecosystems and their components.
β οΈ Release Candidate β
1.0.0-RC2. This documentation is a release candidate under community review and may change before the final release. It is not yet a finalized standard. Please review the content and share feedback via GitHub Discussions.
Version 1.0 - Official Release
This is the official 1.0 release of the OWASP ISVS, providing 156 security requirements across five verification categories.
Download the Standard
π PDF Β· π± EPUB Β· π DOCX Β· π CSV Β· π§ JSON Β· π XML
About ISVS
The OWASP ISVS is a community-driven standard for IoT security verification. It provides requirements for:
- π’ IoT Ecosystem Design - Security architecture and development processes
- π€ User Space Applications - Authentication, authorization, and data protection
- π» Software Platforms - Bootloaders, OS configuration, and software updates
- π‘ Communication - Network protocols including Bluetooth, WiFi, Zigbee, LoRaWAN
- π§ Hardware Platforms - Physical security and hardware design
Three Security Levels
- Level 1: Software-only attacks, baseline security
- Level 2: Hardware-involved attacks, sensitive data protection
- Level 3: Critical systems, defense-in-depth, anti-tampering
Documentation
π Getting Started
π Security Requirements
- V1: IoT Ecosystem Requirements
- V2: User Space Application Requirements
- V3: Software Platform Requirements
- V4: Communication Requirements
- V5: Hardware Platform Requirements
π€ Get Involved
Project Leaders
- CΓ©dric Bassem - [email protected]
- Aaron Guzman - [email protected]
License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
