This document provides guidelines on risks, principles and controls for security and privacy of Internet of Things (IoT) solutions.