Frontispiece

About the Standard

The OWASP Internet of Things Security Verification Standard (ISVS) is a community effort to establish an open standard of security requirements for Internet of Things (IoT) ecosystems. IoT ecosystems comprise of different systems, including IoT systems (connected devices and their different components) and other systems, such as web and mobile applications. The requirements provided by the ISVS target both IoT ecosystems as a whole, and the components of IoT systems specifically: IoT hardware, software, applications and communication protocols. These requirements can be used during many stages of the Development Life Cycle, including design, development, and testing of IoT ecosystems.

license

Copyright © 2025 The OWASP Foundation.

This document is released under the Creative Commons Attribution ShareAlike 4.0 license. For any reuse or distribution, you must make clear to others the license terms of this work.

Version 1.0, October 2025

Project Leads

  • Cédric Bassem
  • Aaron Guzman

Contributors and Reviewers

  • Théo Rigas
  • Leo Dorrendorf
  • Anna Schnaiderman

The IoT Security Verification Standard is built upon the hard work of volunteers and contributors. The project originated as part of an appendix by the OWASP Application Security Verification Standard and it was decided the topic of IoT needed its own standard.

If a credit is missing from the credit list above, please contact the project leaders: [email protected] & [email protected] or log a ticket at GitHub to be recognized in future updates.