25 – Govern device fleet provisioning processes
IoT solutions can scale to millions of devices, which requires device fleets to be well planned in terms of provisioning processes and metadata organization. Defining how devices are provisioned must include how the devices are manufactured and how they are registered. Maintain a full chain of security controls over which people and processes can trigger device provisioning, to decrease the likelihood of admitting unintended (or rogue) devices into your fleet.
Follow the best practices and check if your workload is well-architected.
| | ID | Priority | Best Practice |
|---|---|---|---|
| ☐ | BP 25.1 | Required | Document how devices join your fleet from manufacturing to provisioning |
| ☐ | BP 25.2 | Recommended | Use programmatic techniques to provision devices at scale |
| ☐ | BP 25.3 | Highly Recommended | Use device level features to enable re-provisioning |
| ☐ | BP 25.4 | Recommended | Use data-driven auditing metrics to detect if any of your IoT devices might have been compromised |
| ☐ | BP 25.5 | Highly Recommended | Bootstrap devices to use the endpoint with the least latency |
For more details, see the following links and information.