IoT Trust Framework Comments

The Online Trust Alliance has extended its public comment period on the IoT Trust Framework draft until 21 September. The framework has the following goals:

  • Provide guidance to manufacturers and developers to help reduce attack surface and vulnerabilities, and adopt responsible privacy and data stewardship practices.
  • Drive the adoption of security, privacy & sustainability best practices; embracing “privacy and security by design”, as a model for the development of a voluntary, yet enforceable code of conduct.
  • Provide positive affirmation and recognition to companies, products, and retailers who embrace the code of conduct and meet minimum standards.
  • Provide retailers / commerce sites criteria to aid in their product merchandising and promotion decisions.
  • Where possible, apply existing standards from NIST, NTIA, ISO and other industry working groups.
  • Encourage collaboration, sharing of best practices and threat intelligence.
  • Evaluate and identify gating issues and considerations which may lead to the development of a seal or certification program.

I submitted the following comments.