Evaluating Security of IIoT Testbeds
Standards and Compliance: Document
relevant security standards and
compliance requirements.
The various pieces of information collected,
as described in this section, are utilized in
the security review process captured in the
next section.
2.
3.
O BJECTIVES AND S ECURITY R EVIEW
P ROCESS
4.
The primary objective of the security review
process conducted by the TSCG is to ensure
that a testbed considers security at the onset
of its design and to provide feedback to the
testbed team on whether the security
objectives sought out by the testbed team
appear to be met by the testbed design
under review. The process followed by the
TSCG for its evaluation is described in the
figure bellow.
5.
6.
7.
1. The Testbed team creates the
Testbed presentation outlining the
purpose and goals of the Testbed
activity and receives related review
comments from the Testbed
Working Group. This presentation is
shown as input to the first step in
Figure 2.
The Testbed team creates and
provides the security profile, with the
help of the testbed security profile
guidelines and the questionnaire.
The Testbed team schedules a review
between the testbed team and the
TSCG.
The TSCG team meet and discuss the
security profile, fill in the gaps of the
security profile for the testbed, and
schedule a review with the testbed
owners.
The TSCG team reviews the security
profile, asks further questions and
provides feedback.
The Testbed team updates the
security profile according to the
feedback provided by the TCSG team.
Additional iterations of review with
the TSCG may be conducted, if
desired by the Testbed team.
Figure 2: The security review process
IIC Journal of Innovation
- 53 -