The Online Trust Alliance has extended its public comment period on the IoT Trust Framework draft until 21 September. The framework has the following goals:
- Provide guidance to manufacturers and developers to help reduce attack surface and vulnerabilities, and adopt responsible privacy and data stewardship practices.
- Drive the adoption of security, privacy & sustainability best practices; embracing “privacy and security by design”, as a model for the development of a voluntary, yet enforceable code of conduct.
- Provide positive affirmation and recognition to companies, products, and retailers who embrace the code of conduct and meet minimum standards.
- Provide retailers / commerce sites criteria to aid in their product merchandising and promotion decisions.
- Where possible, apply existing standards from NIST, NTIA, ISO and other industry working groups.
- Encourage collaboration, sharing of best practices and threat intelligence.
- Evaluate and identify gating issues and considerations which may lead to the development of a seal or certification program.
I submitted the following comments.