The Industrial Internet Security Framework (IISF)

The Industrial Internet Security Framework (IISF)

From the document:


The purpose of this document, ‘Industrial  Internet  of Things,  Volume G4:   Security  Framework’ (IISF) is  to identify, explain and position security-related architectures, designs and technologies, as well as identify procedures relevant to trustworthy Industrial Internet of Things (IIoT)  systems. It  describes  their  security  characteristics,  technologies  and  techniques  that  should  be  applied,  methods for addressing security, and how to gain assurance that the appropriate mix of issues have been addressed to meet stakeholders' expectations.This document is also a reference for the Industrial Internet Consortium’s testbeds that already span verticals such as smart grid, transportation, industrial maintenance and others. The security evaluations of these testbeds will provide continuous feedback that will be used to update the information here in subsequent revisions of this document.


This work is an expansion of the discussion on security in ‘Industrial Internet of Things, Volume G1:   Reference  Architecture’  (IIRA,   [IIC-IIRA2016]).  The  reader  should  be  familiar  with  that  document, as many of the terms and concepts used here are defined there.This  security  framework  identifies  and  explains  how  risks  associated  with  security  and  privacy  threats may be identified, evaluated and mitigated using technologies and processes. Privacy and other system characteristics are mentioned where it relates to specific security concerns within the  document,  but  this  document  is  not  intended  to  be  a  tutorial  on  privacy,  safety  or  other  characteristics defined in the IIRA. This document is informational in nature and not a normative technical specification. It does not contain  specifications  for  conformance  or  compliance.  Implementations  may  use  a  variety  of  mechanisms to address the concerns noted in the document.


The  audience  for  this  document  includes  owners,  operators, system  integrators,  business-decision makers, architects and any stakeholder with interest in security and related key system characteristics.  Business  decision  makers  can  use  this  document  to  guide  the  development  of  interoperable technologies and solutions related to security, balancing it with other stakeholder requirements. Owner, operators and system integrators can use it as a common starting point of system conception and design related to security.

The Industrial Internet Security Framework (IISF)
Not specified (see website if available) or see associated project