New IoT security maturity model profile targets retail industry

September 1, 2020

International technology standards consortium Object Management Group® (OMG®) and the Industrial Internet Consortium® (IIC™) announced the first vertical profile for the recently released v1.2 of the IoT Security Maturity Model (SMM) Practitioner’s Guide. Targeted specifically for the retail industry, IoT SMM: Retail Profile for Point-of-Sale Devices will help retail organizations determine the right level of investment to meet their security needs.

“Internet-connected devices, from point-of-sale payment devices such as signature scanners, to audit-logging devices such as printers and cash dispensers, have dramatically increased retail industry security threats,” said Andy Mattice, Co-chair, OMG Retail Domain Task Force, and Solutions Enablement at Lexmark. “New threats are constantly emerging, and attackers are becoming more capable and organized. At the same time, compliance requirements for security and data protection are becoming more stringent. Retail organizations are rightly concerned about developing robust security and data protection plans.”

The IoT SMM: Retail Profile for Point-of-Sale Devices, which builds on concepts identified in the IIC Industrial Internet Security Framework (originally published in 2016) and the IoT SMM Practitioner’s Guide v1.2 (originally published in 2019 and recently updated), helps retail organization stakeholders determine their security needs. First, business stakeholders use the model to define security goals and objectives tied to risks. Then, technical teams within the retail organization, or third-party assessment vendors, map these objectives into tangible security techniques and capabilities, and identify an appropriate target security maturity level.

The IoT SMM: Retail Profile for Point-of-Sale Devices includes practice tables that delve into retail industry-specific requirements. When conducting current state assessments, organizations can use the profile to evaluate their actual maturity level and compare it to the target.

“The IoT SMM: Profile for Retail Point-of-Sale Devicesis the result of strong collaboration between the OMG Retail Domain Task Force and the IIC Security Applicability Task Group,” said Ron Zahavi, Co-chair, OMG Board, IIC Steering Committee. “The white paper will enable retail establishments to take a structured, top-down approach toward setting goals and a means to assess the current security state, trading off investment against risk in a sensible manner.”

Retail organizations may improve their security state by making continued security assessments and improvements over time, up to their required level.

The IoT SMM: Retail Profile for Point-of-Sale Devices is a joint work product of the OMG Retail Domain Task Force, chaired by Andy Mattice, Lexmark, and Leonid Rubhakin, Aptos, and the IIC Security Applicability Task Group, chaired by Ron Zahavi, OMG Board and IIC Steering Committee. OMG and IIC members who contributed to the document can be found here on the OMG website and here on the IIC website.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.