SC-006 – Internet Of Things Security

Responsible Office: Office of Cybersecurity

Last Review: 09/21/2023

Next Review: 09/21/2025

Contact: Chris Madeksho

Phone: 901.448.1579

Email: mmadeksh@uthsc.edu

Purpose

To ensure the confidentiality, integrity, and availability of the University’s IT Resources by regulating the controlled use of Internet of Things (IoT) devices and connecting them to the appropriate University network.

Scope

All IoT devices that reside on the UTHSC network (wired and wireless).

Definitions

IT Resources – Computing, networking, communications, applications, telecommunications systems, infrastructure, hardware, software, data, databases, personnel, procedures, physical facilities, cloud-based vendors, Software as a Service (SaaS) vendors, and any related materials and services.

Internet of Things – Physical objects (e.g., vehicles, appliances, lab or medical equipment, and other items embedded with electronics, software, sensors, actuators) that communicate, sense, or interact with their internal states or the external environment via network connectivity.

Standard

  1. University-owned IoT devices must adhere to NISTIR 8259A IoT Cybersecurity Capability Core Baseline.
  2. IoT devices must be installed and maintained using the Information Security Requirements Guidance.
  3. IoT devices must comply with all University information security standards such as, but not limited to, Network Security, Access Control, Data & System Classification, Vulnerability Management, and Password Management.
  4. IoT devices will be connected to the appropriate controlled network segment.
  5. IoT networks must be monitored to identify abnormal traffic and emergent threats.

References

  1. RM-002-Vulnerability Management
  2. SC-001-Network Security
  3. IoT Device Cybersecurity Capability Core Baseline (nist.gov)
  4. Information Security Requirements

Version: 2 // Effective: 10/19/2023

Related Procedures: