Product Pre Release Security Validation Checklist v1.0
•
0 likes•245 views
The document is a license from the IoT Security Initiative that allows others to share, adapt, and build upon the work as long as they provide attribution, do not use it for commercial purposes, and share adaptations under the same license terms. It specifies the license terms are provided under no warranty and refer to the full license terms on the Creative Commons website.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Product Pre Release Security Validation Checklist v1.0
Similar to Product Pre Release Security Validation Checklist v1.0 (20)
Recently uploaded
Recently uploaded (20)
Product Pre Release Security Validation Checklist v1.0
- 1. v 1.0 Product Pre-Release Security Validation Checklist
- 2. CC BY-NC-SA 4.0, 2018 – IoT Security Initiative – www.iotsi.org This license lets others remix, tweak, and build upon this work non-commercially, as long as they credit the IoT Security Initiative and this work and license their new creations under identical terms. YOU ARE FREE TO Share: Copy and redistribute the material in any medium or format. Adapt: Remix, transform, and build upon the material. The licensor cannot revoke these freedoms as long as you follow the license terms. UNDER THE FOLLOWING TERMS Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use. NonCommercial: You may not use the material for commercial purposes. ShareAlike: If you remix, transform, or build upon the material, you must distribute your contributions under the same license as the original. No additional restrictions: You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits. NO WARRANTY This material is furnished on an "as-is" basis. No warranties of any kind are made, either expressed or implied, as to any matter including, but not limited to, warranty of fitness for purpose or merchantability, exclusivity, or results obtained from use of the material. No warranties of any kind are made with respect to freedom from patent, trademark, or copyright infringement. COMPLETE LICENSE TERMS & CONDITIONS CAN BE FOUND AT https://creativecommons.org/licenses/by-nc-sa/4.0/ 1www.iotsi.orgCC BY-NC-SA 4.0, 2018 - IoT Security Initiative
- 3. Vendor security testing and delivery requirements specified in contracts Vendor secure product development program attestation End-to-end data security reviewed and validated End-to-end data privacy reviewed and validated Software design and architecture security reviewed and validated Network design and architecture security reviewed and validated Product/service security requirements reviewed and/or provided All solution custom code tested for vulnerabilities with static code analysis Solution authentication and session design and technology reviewed and validated Functional user security configuration settings design reviewed and validated Solution password creation, storage, and reset design reviewed and validated API security reviewed and validated Device provisioning design and architecture reviewed and validated User provisioning design and architecture reviewed and validated Software/firmware-update model design and architecture reviewed and validated Device embedded system security controls reviewed and validated Device vulnerability assessment conducted Security patch levels of all third party and open source production software current Product/service security features/functions testing conducted Device final-firmware package scanned for vulnerabilities Back-end network, systems, and operations security controls reviewed and validated Back-end network and system services vulnerability assessment Web services dynamic vulnerability assessment Penetration testing of end-to-end solution Solution cryptographic key stored and managed securely Source code repository security and access management in place All security findings sufficiently remediated and managed Given an end-to-end solution, ensure the following are accounted for prior to Production release or Go-Live. Require below list items based on risk and testing process. Use ongoing for subsequent releases and as changes warrant. COMPLETION STATUSSECURITY ACTIVITY 1 NA Pending Complete 2 NA Pending Complete 3 NA Pending Complete 4 NA Pending Complete 5 NA Pending Complete 6 NA Pending Complete 7 NA Pending Complete 8 NA Pending Complete 9 NA Pending Complete 10 NA Pending Complete 11 NA Pending Complete 12 NA Pending Complete 13 NA Pending Complete 14 NA Pending Complete 15 NA Pending Complete 16 NA Pending Complete 17 NA Pending Complete 18 NA Pending Complete 19 NA Pending Complete 20 NA Pending Complete 21 NA Pending Complete 22 NA Pending Complete 23 NA Pending Complete 24 NA Pending Complete 25 NA Pending Complete 26 NA Pending Complete 27 NA Pending Complete 2www.iotsi.orgCC BY-NC-SA 4.0, 2018 - IoT Security Initiative