Andrew Losty (University College London), Anna Maria Mandalari (University College London)
As Matter adoption and device deployment grow, it is essential to assess alignment with international IoT security frameworks and standards. This interim study evaluates Matter specifications against 18 international frameworks to identify compliance and security gaps. An independent IoT security framework, the Cloud Security Alliance (CSA), was used to provide a taxonomy and grouping of security controls, from which six core security domains were initially selected: (i) device certification, (ii) attack-surface minimization, (iii) secure communications (iv) software update mechanisms, (v) logging/telemetry, and (vi) secure storage. The analysis highlights areas where Matter provides strong guidance and where it is less prescriptive compared to regulations and frameworks such as the Cyber Resilience Act (CRA), NIST, and ETSI. Future work will extend the assessment with ten additional domains, extending the analytical mapping of Matter’s compliance and non-compliance, and providing valuable insights for manufacturers, developers, and regulators.