Skip to main content
Library homepage
 
Engineering LibreTexts

3.6: Methodology - Design and Variables

  • Page ID
    85368
  • \( \newcommand{\vecs}[1]{\overset { \scriptstyle \rightharpoonup} {\mathbf{#1}} } \) \( \newcommand{\vecd}[1]{\overset{-\!-\!\rightharpoonup}{\vphantom{a}\smash {#1}}} \)\(\newcommand{\id}{\mathrm{id}}\) \( \newcommand{\Span}{\mathrm{span}}\) \( \newcommand{\kernel}{\mathrm{null}\,}\) \( \newcommand{\range}{\mathrm{range}\,}\) \( \newcommand{\RealPart}{\mathrm{Re}}\) \( \newcommand{\ImaginaryPart}{\mathrm{Im}}\) \( \newcommand{\Argument}{\mathrm{Arg}}\) \( \newcommand{\norm}[1]{\| #1 \|}\) \( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\) \( \newcommand{\Span}{\mathrm{span}}\) \(\newcommand{\id}{\mathrm{id}}\) \( \newcommand{\Span}{\mathrm{span}}\) \( \newcommand{\kernel}{\mathrm{null}\,}\) \( \newcommand{\range}{\mathrm{range}\,}\) \( \newcommand{\RealPart}{\mathrm{Re}}\) \( \newcommand{\ImaginaryPart}{\mathrm{Im}}\) \( \newcommand{\Argument}{\mathrm{Arg}}\) \( \newcommand{\norm}[1]{\| #1 \|}\) \( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\) \( \newcommand{\Span}{\mathrm{span}}\)\(\newcommand{\AA}{\unicode[.8,0]{x212B}}\)

    Note

    The MIoT Assessment tool is designed in a similar manner as the Security Assessment using NIST.SP 800-171r2/172.

    Microsoft Excel was used to create the MIoT Security Assessment Workbook (Figure 2). The workbook utilizes NIST SP.800-213A Capabilities, sub-Capabilities, Requirements and sub-Requirements to establish a quantitative framework for assessing MIoT cybersecurity and privacy protection compliance. In addition to specific Requirements the workbook provides references to associated NIST publications (SP.800-53r5) for each requirement.

    The assessment process consists of determining compliance with the Requirement/sub-Requirement, and providing proof of compliance via validation process or tool (Figure 1).

    Assessment Page ViewFigure 1: Validation Tool\Survey

    SURVEY VARIABLES

    Variables are Compliance(value), Validation Process/Tool and Comments:

    Compliance

    Value

    Definition

    Yes

    1

    The MIoT device complies with the Requirement\sub-Requirement

    No

    0

    The MIoT device does not comply with the Requirement\sub-Requirement

    Does Not Apply

    1

    Requirement\sub-Requirement does not apply to the device (requires explanation)

    Alternate Approach

    1

    An alternate approach is used to comply with the Requirement\sub-Requirement

    Unknown

    0

    it is unknown if compliance with Requirement\sub-Requirement is possible or available

    Numerical values (0-1) are automatically added to the value column based on compliance value. Values are summed and used to determine overall level of MIoT cybersecurity and privacy protection compliance (with SP.800-213A Capabilities).

    PROOF-OF-COMPLIANCE/VALIDATION PROCESS/TOOL
    This variable represents a process, procedure or tool (manual or automated) which is used as auditable proof or evidence that the Requirement is being satisfied.

    For example, for DEVICE IDENTIFICATION/Identifier Management Support: Ability to uniquely identify the IoT device logically the validation process may be a short statement such as “device ID/SN can be read by IT Asset Management System” with a tool reference to ABC Asset Management program or application1 Validation is to provide sufficient supplementary or complementary information proving that the Requirement is being met.

    COMMENTS
    This variable provides for additional information.


    [1] Short, concise statements are preferred for clarity and readability.


    This page titled 3.6: Methodology - Design and Variables is shared under a CC BY-NC 4.0 license and was authored, remixed, and/or curated by Thomas P. Dover.

    • Was this article helpful?