An Analysis of Matter IoT Security Against International Standards and Regulatory Framework

Publication Type: Paper

Authors: Andrew Losty (UCL), Anna Maria Mandalari (UCL)

Venue: Workshop on Security and Privacy in Standardized IoT (SDIoTSec) 2026, San Diego, CA, USA

ISBN: 978-1-970672-01-5

DOI: https://dx.doi.org/10.14722/sdiotsec.2026.23066

Conference Website: www.ndss-symposium.org

Abstract

As Matter adoption and device deployment grow, it is essential to assess alignment with international IoT security frameworks and standards.

This interim study evaluates Matter specifications against 18 international frameworks to identify compliance and security gaps.

An independent IoT security framework, the Cloud Security Alliance (CSA), was used to provide a taxonomy and grouping of security controls, from which six core security domains were initially selected: (i) device certification, (ii) attack-surface minimization, (iii) secure communications, (iv) software update mechanisms, (v) logging/telemetry, and (vi) secure storage.

The analysis highlights areas where Matter provides strong guidance and where it is less prescriptive compared to regulations and frameworks such as the Cyber Resilience Act (CRA), NIST, and ETSI.

Future work will extend the assessment with ten additional domains, extending the analytical mapping of Matter’s compliance and non-compliance, and providing valuable insights for manufacturers, developers, and regulators.
