Other sources for security requirements

Security non-functional requirements can come from many sources. For the IoT, spend time reviewing many of the best practice guidance documents that have been published over the past few years. These include documents from organizations such as the Cloud Security Alliance (CSA), ENISA, the Industrial Internet Consortium (IIC), the Underwriters Laboratory (2900 series), and the IoT Security Foundation (IoTSF).