- published 12/26/24 1:07 PM
- updated Aug 10, 2024
National IoT Security Policy
Audience
Corporations, Government
Content Outline
Introduction
Internet-connected devices have in recent times become essential to many aspects of day-to-day life, from fitness trackers, pacemakers, and cars to the control systems that deliver water and power to our homes. They enable seamless connections among people, networks, and physical services, and they are increasingly used to collect telemetry data or perform actions without human intervention as we stand on the brink of the fourth industrial revolution. As we continue to integrate network connections into our nation’s critical infrastructure, important processes that were once performed manually and in physical isolation (and thus enjoyed a measure of immunity against malicious cyber activity) are now vulnerable to cyber threats across the vast context of sensors, smart objects, smart city devices, transportation systems, automation devices, robotics, healthcare devices, and other industrial components. The risks the IoT ecosystem introduces to consumer privacy, and the potential disruptions to critical infrastructure, are grave and require a holistic approach that still promotes interconnectivity and intelligent automation.
The Council has established this policy to protect the use, adoption and implementation of IoT, in line with the UAE’s national priority to be a global leader in cyber security, and to enhance the security posture of organizations and individuals within the UAE using IoT products and solutions.
IoT Consumer
IoT Governance
Outlines the leadership and governance structures necessary to support IoT security, including strategies for identifying and mitigating security and privacy risks, providing targeted training to enhance personnel awareness, and managing third-party risks to prevent data breaches.
Data Security
Provides measures to protect the confidentiality, integrity, and availability of data collected, stored, processed, or transmitted by IoT devices, ensuring the use of cryptographic capabilities and maintaining data privacy and authenticity.
Identity and Access Management
Describes controls for preventing unauthorized access and alterations to organizational resources and data while using IoT services, and for ensuring protection against unauthorized physical access.
Incident Management
Provides measures to minimize the impact of security risks within the IoT environment, ensure timely reporting and effective containment of security incidents, and support the investigation and remediation of vulnerabilities.
IoT Resilience
Outlines the requirements to ensure the availability of information and resources, maintain high availability as part of continuity efforts, and minimize the impact of outages and incidents.
Device Management
Outlines the requirements for maintaining an inventory of IoT assets, implementing necessary security controls for IoT devices, and safeguarding the IoT environment throughout the device lifecycle.
Network Security
Provides security measures for protection of IoT network components and related ecosystems.
Security Logging and Monitoring
Outlines the requirements for tracking and recording activities and events in the IoT environment, identifying inappropriate access, and remediating misuse.
IoT Service Provider
IoT Governance
Establishes leadership and governance for IoT security, proactively identifies and remediates IoT security and privacy risks, enhances personnel awareness, and reduces third-party failures and data breaches.
Data Security
Focuses on protecting data confidentiality, integrity, and availability, ensuring the use of cryptographic capabilities, and maintaining secure communications between IoT systems.
Identity and Access Management
Outlines requirements for preventing unauthorized access and alterations to organizational resources and data while using IoT services, and for ensuring protection against unauthorized physical access.
Incident Management
Defines measures for minimizing security issues within the IoT environment, ensuring timely reporting and containment of incidents, and supporting vulnerability remediation.
IoT Resilience
Covers the measures to ensure high availability of IoT components and minimize the impact of outages and incidents.
Device Management
Includes security controls for managing IoT assets throughout their lifecycle, implementing necessary security controls, and safeguarding the IoT environment.
Network Security
Provides requirements for protecting IoT network components.
Security Logging and Monitoring
Defines requirements for tracking and recording activities and events in the IoT environment.
Summary
The National IoT Security Policy outlines security principles to strengthen the UAE’s IoT ecosystem. It provides guidance for IoT consumers and providers on governance, data protection, access control, incident response, device and network security, and regulatory compliance.