ENISA Releases New Guidelines on IoT Security Best Practices
IndraStra Open Journal Systems
IndraStra Global

ENISA Releases New Guidelines on IoT Security Best Practices

By IndraStra Global News Team

ENISA Releases New Guidelines on IoT Security Best Practices

On November 19, 2019, the European Union Agency for Cybersecurity (ENISA) published new guidelines on ensuring 'security by design' for the Internet of Things (IoT) applications. The ‘Good Practices for Security of IoT’ report focuses on software development guidelines, including specifics on how to securely collect requirements, design, develop, maintain and even dispose of IoT systems and services.

According to the executive summary of the report, "This ENISA study introduces good practices for IoT security, with a particular focus on software development guidelines for secure IoT products and services throughout their lifetime. Establishing secure development guidelines across the IoT ecosystem is a fundamental building block for IoT security. By providing good practices on how to secure the IoT software development process, this study tackles one aspect for achieving security by design, a key recommendation that was highlighted in the ENISA Baseline Security Recommendations study which focused on the security of the IoT ecosystem from a horizontal point of view."

ENISA said the guidelines are applicable for the entire IoT ecosystem (devices, communications/networks, cloud, etc.) and are complementary to its previous work on Baseline IoT Security Recommendations. The target audience of the study is IoT software developers and users, including platforms, SDKs and APIs, and IoT integrators.


The European Union Agency for Cybersecurity (ENISA) has been working to make Europe cyber-secure since 2004. The Agency works closely together with the Members States and other stakeholders to deliver advice and solutions as well as improving their cybersecurity capabilities. It also supports the development of a cooperative response to large-scale cross-border cybersecurity incidents or crises and since 2019, it has been drawing up cybersecurity certification schemes.

Sign up to the IndraStra Global's daily email