Cloud Security Alliance Updates Internet of Things (IoT) Controls Matrix with New Incident Management Domain and Improved Technical Clarity and SEO

Extended matrix for enterprise IoT systems that integrate multiple types of connected devices, cloud services, and networking technologies

SEATTLE, April 26, 2022–(BUSINESS WIRE)–The Cloud Security Alliance (CSA), the leading global organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today announced the Internet of Things (IoT) Control Matrix Version 3 and the accompaniment CSA IoT Controls Matrix Version 3 Guide. Created by CSA IoT working group, version 3 of the matrix builds on previous iterations, increasing the number of checks to 199 while adding a new area of ​​incident management and improving technical clarity and SEO. Together with the guide, the matrix will help users — especially those with enterprise IoT systems that integrate multiple types of connected devices, cloud services, and networking technologies — identify appropriate security controls and allocate them to specific architectural components, including devices, networks, gateways. , and cloud services.

“The IoT market continues to grow with recently introduced advances in connectivity and autonomy across all industry sectors. But relying on the data and functionality generated by the IoT requires organizations that adopt these new technologies to plan deployments that are accessible, secure and resilient. Given the rapid evolution of connected technologies and the constant stream of new threats, it can be difficult without a roadmap of how to move forward,” said Aaron Guzman, Co-Chair of the IoT Working Group and one of the main authors of the article.

Version 3 of the matrix can be used in many IoT domains, from systems only processing “low value” data with limited potential for impact to highly sensitive systems that support critical services. The companion guide explains how to use the matrix to assess and implement an IoT system, and provides a column-by-column description and explanation. Additionally, it has been updated to include industry profiles, which represent starting points for securing industry-specific IoT devices, such as medical devices, vehicles, and autonomous systems.

“Creating a secure IoT environment requires security engineering that addresses unique risks and employs appropriate mitigations. The IoT Controls Matrix provides a starting point for organizations looking to better understand and implement security controls within their IoT architecture,” said Michael Roza, Risk, Audit and Compliance Control Professional. compliance and one of the CSA Research Fellows and lead author of all three versions of the IoT Controls Matrix.

the IoT Controls Matrix (formerly known as IoT Security Controls Framework), first released in early 2019, introduced 155 basic security controls needed to mitigate many of the risks associated with an IoT system that integrates multiple types of connected devices, services cloud and networking technologies. Today, it continues to be used by system architects, developers, and security engineers as well as auditors and penetration testers to assess the security of their implementations as they progress through the development lifecycle to ensure they adhere to industry-specified best practices.

the IoT Controls Matrix complete the CSA Cloud Controls Matrix, CSA Enterprise Architecture, and other best practices as part of a holistic approach to securing the cloud ecosystem. the Matrix and accompanying guide are free resources and can be downloaded now.

The CSA IoT Task Force develops frameworks, processes and best practices for securing connected systems. The working group addresses topics such as data privacy, safety and security at the edge and in the cloud. Those interested in getting involved in future IoT research and initiatives are invited to visit the Join the page.

About Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA leverages the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to deliver safety-specific research, education, training, certification, events and products from the cloud. CSA’s activities, knowledge and extensive network benefit the entire cloud-affected community – from vendors and customers to governments, contractors and the insurance industry – and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For more information, visit www.cloudsecurityalliance.organd follow us on Twitter @cloudsa.

See the source version on


Kristina Runquist
ZAG Communications for CSA
[email protected]

About Florence L. Silvia

Check Also

Conduent Named a Leader in Everest Group’s 2022 PEAK Matrix® Healthcare Payment Operations Assessment

FLORHAM PARK, NJ, May 05, 2022 (GLOBE NEWSWIRE) — Incorporated Duct CNDTa business process services …