ANSI SCTE 256:2019: IoT Security Considerations and Recommendations for Operators.
The following areas are covered within this document:
1. Cybersecurity Responsibilities
a. Vendor
b. Service provider
c. Customer
2. Product selection (for Service Provider equipment)
a. Hardware security recommendations
b. Firmware security recommendations
c. Suggested vendor responsibilities for the life of the product
i. Vulnerability notification
ii. Attack notification
iii. Mitigation
iv. Firmware updates for security vulnerabilities
d. Branding
e. Qualification
3. Retail Products [customer owned and managed (COAM)]
a. Qualification process
4. Provisioning
a. Security onboarding
b. Secure delivery of provisioning data
c. Secure provisioning database
d. Confirmation of provisioning
e. Secure confirmation management and storage
f. Blacklisting
5. Maintenance
a. Firmware upgrade
b. Device and platform auditing
6. Diagnostics
a. Logs
b. Alerts
7. Attack management planning
a. Vendor
b. Service provider internal
c. Customer notification
1.3. Benefits
This document will be used to provide the following benefits:
• Educate the service providers on the infrastructure required to support IoT security
• Develop a common baseline architecture for IoT security such that different operators can use the same or similar tools and platforms
1.4. Intended Audience
The intended audience is the engineering and security teams for service providers.
1.5. Areas for Further Investigation or to be Added in Future Versions
As technology in the IoT space evolves, this document should be reviewed and updated and/or revised where necessary per SCTE policy.
2. Normative References
The following documents contain provisions, which, through reference in this text, constitute provisions of this document. At the time of Subcommittee approval, the editions indicated were valid. All documents are subject to revision; and while parties to any agreement based on this document are encouraged to investigate the possibility of applying the most recent editions of the documents listed below, they are reminded that newer editions of those documents might not be compatible with the referenced version.
2.1. SCTE References
• No normative references are applicable.
2.2. Standards from Other Organizations
• No normative references are applicable.
2.3. Published Materials
• No normative references are applicable.
3. Informative References
The following documents might provide valuable information to the reader but are not required when complying with this document.
3.1. SCTE References
• No informative references are applicable.
3.2. Standards from Other Organizations
• OCF Core Framework (https://openconnectivity.org/specs/OCF_Core_Specification_v2.0.2.pdf)
• OCF Security (https://openconnectivity.org/specs/OCF_Security_Specification_v2.0.2.pdf)
4. Compliance Notation
• shall: This word or the adjective “required” means that the item is an absolute requirement of this document.
• shall not: This phrase means that the item is an absolute prohibition of this document.
• forbidden: This word means the value specified shall never be used.
• should: This word or the adjective “recommended” means that there may exist valid reasons in particular circumstances to ignore this item, but the full implications should be understood and the case carefully weighed before choosing a different course.
• should not: This phrase means that there may exist valid reasons in particular circumstances when the listed behavior is acceptable or even useful, but the full implications should be understood and the case carefully weighed before implementing any behavior described with this label.