Research Article
Security Evaluation Framework for Military IoT Devices
Table 11
Example of converting the security controls to ISO/IEC 15408 and 27001.
| NIST | Security Controls | ISO/IEC 15408 or ISO/IEC 27001 Requirements |
| AC-17 | Remote Access | A.6.2.1: Mobile device policy; A.6.2.2: Teleworking; A.13.2.1: Information transfer policies and procedures |
| AC-18 | Wireless Access | A.6.2.1: Mobile device policy; A.13.1.1: Network controls; A.13.2.1: Information transfer policies and procedures |
| IA-2 | Identification and Authentication | FIA_ATD.1: User Attribute Definition; FIA_UAU.1: User Authentication (Timing of Authentication); FIA_UAU.2: User Authentication before any action; FIA_UID.1: Timing of identification; FIA_UID.2: User Identification before any action |
| IA-3 | Device Identification and Authentication | FIA_UAU.1: User Authentication (Timing of Authentication); FIA_UAU.2: User Authentication before any action; FIA_UID.1: Timing of identification; FIA_UID.2: User Identification before any action |