OWASP IoT Security Verification Standard

The OWASP Internet of Things Security Verification Standard (ISVS) provides security requirements for Internet of Things (IoT) applications. The requirements provided by the ISVS can be used at many steps during the SDLC of an IoT application. For example, by a designer during the design phase or by a security professional that whishes to assess the security posture of an existing IoT application.

IoT applications are often composed of many interconnected applications that together form a complex ecosystem. Securing an IoT application thus boils down to securing the ecosystem. The ISVS therefore specifies security requirements for embedded applications and the IoT ecosystem in which these reside while referring to existing industry-accepted standards as much as possible.

The ISVS is currently in the very early stages of development. In case you are interested in contributing to this project, please reach out to the project leaders either via email or via the OWASP Slack.