Common cybersecurity requirements in IoT standards, best practices, and guidelines

The cybersecurity of the Internet of Things (IoT) is an increasing concern and product vendors are advised to follow security standards, best practices, and guidelines. From the many requirement sources, a vendor is likely to choose only a few. How does this selection impact the security requirements of an IoT product? To answer the question, we collect requirements from 16 sources and divide them into categories for comparison. Common categories are identified, with all sources covering Security design, Interface security, Authentication, Data protection, and System updates. The agreement on the high-level categories does not hold in the subcategories and the selection of the sources have a big impact to the requirement details. Consolidation of the IoT security requirements would be desirable and possible.