The Internet of Things (IoT) is a general category of connected devices that do not necessarily meet the classic description of a computer and are commonly designed for a single purpose. Examples of IoT devices include medical devices, HVAC controllers, door access controllers, IP Cameras, Smart TVs, smart watches, and speakers.

According to the Department of Defense CIO, “the interim DFARS rule established a five-year phase-in period, during which CMMC compliance is only required in select pilot contracts, as approved by the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)).”
Once CMMC 2.0 is codified through rulemaking, the Department will require companies to adhere to CMMC, and inclusion of CMMC as a requirement in DoD solicitations and requests for proposals will be mandated.

The interim rule became effective in 2020, establishing a five-year phase-in period, which means that CMMC could come into effect by 2025, which is only two years away.
In anticipation of the deadline for CMMC compliance, your company should ensure that all of your assets in your network, including your IoT assets, do not cause you to potentially compromise your company’s position to adhere to the compliance controls of CMMC, the consequences of which could be a significant loss of revenue from the Department of Defense.

If contractors and subcontractors are handling the same type of FCI (federal contract information) and CUI (controlled unclassified information), then the same CMMC level would apply.

Sign up for a free IoT Mini Starter Kit and meet the foundational CMMC requirements in just 5 minutes

Virtually every network, whether a large corporate intranet or a simple home Wi-Fi network, has IoT devices on it. Most are unknown or unmanaged devices and hard to secure, making it challenging to know what IoT is on the network, where they are, where they are communicating, and whether they are vulnerable. Traditional security tools can’t keep up, making dedicated IoT security solutions a critical piece of any enterprise security strategy.

Most IoT devices are unknown or unmanaged devices that are hard to security for a variety of reasons, including:

• risky default behavior like creating open services, have hard-coded passwords or data collection and transmission on their own to other devices
• lack built-in security and security patching from the manufacturer
• can’t run endpoint agents or don’t produce logs, so they are hard to monitor
• can’t be scanned for vulnerabilities because they are resource constrained and easily crash
• create Shadow IT problems as they are easily deployed without IT oversight

We have a limited supply of IoT-minis^TM available. When you request an IoT-mini^TM, we will notify you within 48 hours if we have one available. Once approved, you can expect a simple package with all you need to begin base lining your IoT inventory and security posture. The package includes the IoT-mini, a USB-USB-mini, CAT6 Ethernet cable, and a power brick for the USB cable if there is no USB port to power the device.

Using the IoT-mini^TM is as simple as 1-2-3:

1. Plug in the CAT6 Ethernet cable to a working ethernet port on the network to be scanned
2. Plug in the power supply
3. Scan the QR code to activate the IoT-mini^TM
4. Wait 24 hours for the report to be delivered to your inbox

The report includes a complete view of IoT devices connected to your network, along with recommendations. To continue receiving monthly update reports, simply leave the IoT-mini connected to the network. If you would like to assess a different network, simply connect and reactivate the IoT-mini to the new network following the above steps.

We have a limited supply of IoT-minis^TM and they are currently available at no charge. The initial report is currently available free of charge.  Restrictions include:
1) You must be an IT employee of a company that: a) has greater than 200 employees, or b) is a value-added reseller, or c) is a managed service provider or d) is a professional security auditor.
2) You will not use the IoT-mini^TM or the information it provides for malicious purposes, or to compete in any way with IoTSecure.
3) The IoT-mini^TM and any information produced by the IoT-mini must not be used for resell purposes without express, written permission by IoTSecure.
4) The IoT-mini^TM is for use on corporate networks, but an initial test may be conducted on a test/lab network. Restrictions are subject to change without notice.

The IoT-mini^TM can assess any network environment it’s connected to and activated on. If you need to test additional networks, please contact sales@localhost. 

The IoT-mini^TM profiles devices into manufacturers, categories and device type.  Then, it creates a risk profile for each device, including vulnerabilities, flaws, risks, and other crucial information.

Once the IoT-mini is connected to a network and activated, it begins inspecting and identifying  devices. Within 24-48 hours (depending on the size of the network), you will be contacted to schedule a report review with an engineer.

The IoT-mini^TM FREE is a free IoT security tool that is designed for fast, easy proof of concepts and provides basic IoT inventory and IoT vulnerability detection on a single network segment.

The IoT-mini^TM Pro+ uses the same device as the IoT-mini^TM FREE, but it is upgraded to provide automated assessments on an entire corporate network, advanced IoT inventory and vulnerability detection, device-level behavior monitoring, granular configuration options and a real-time dashboard.

The IoT-max^TM is a high capacity, full enterprise-level solution that has all the features as the IoT-mini^TM Pro +, but it also provides integration of results into existing tools such as SIEM, NAC, Asset & Vulnerability Management, ITSM, etc.

Please send us an email with your questions to sales@localhost