Welcome to the BSIMM On-Line Assessment Tool



The security of the Internet of Things and of the internet in general requires that companies include robust processes for development, maintenance and support of connected devices.


But the security of a device relies on more than the sum of individual product features.  Robust cyber security requires a mature product development lifecycle, good corporate governance that is aware of and prioritizes security, threat intelligence used tactically and strategically, and device configuration and management handled in ways that enhance ongoing security.


If You Can’t Measure It, You Can’t Improve It



This is a long and ambitious list of requirements.  How can a company measure capabilities in this regard?  How does a company know where to put resources to improve?



This on-line assessment tool is brought to you by Cigital, the creator of the BSIMM, and by the Consumer Technology Association™, the technology trade association representing the $287 billion U.S. consumer technology industry.


Important Note: This tool is exclusively reserved for CTA member companies.  While you are able to navigate through the questions, no results are available for non-member companies.

About Confidentiality

Individual company data is confidential between the individual company and Cigital, Inc.  Cigital will access the data for the purposes of providing the individual company the results of the assessment.  Cigital will aggregate consumer technology companies' data for the purpose of assessing the industry as a whole, without identifying individual company results.  CTA does not receive or review the data.  

Accessing the Tool

The tool (and more detailed information) is available at the following link:  



Questions, please contact security-assessment@CTA.tech.