Best Practice 5.2 - Require timely vulnerability notifications and software updates from your providers - IoT Lens Checklist

Components in a device bill of materials (BOM), such as secure elements for certificate storage or a trusted platform module (TPM), can make use of updatable software components. Some of this software might be contained in the Board Support Package (BSP) assembled for your device. You can help to mitigate device-side security issues quickly by knowing where the security-sensitive software components are within your device software stack, and by understanding what to expect from component suppliers with regard to security notifications and updates.

Recommendation 5.2.1 – Ensure that your IoT device manufacturer provides security-related notifications to you, and provides software updates in a timely manner to reduce the associated risks of operating hardware or software with known security vulnerabilities

Ask your suppliers about their product conformance to the Common Criteria for Information Technology Security Evaluation. In addition, consider using the AWS Partner Device Catalog, where you can find devices and hardware to help you explore, build, and go to market with your IoT solutions.