This paper defines a framework for the design and development of information assurance (IA) for the Internet of Things (IoT). The paper will review related work, concepts and definitions, information assurance models, information assurance profiles, and reference architecture. In this framework, IA models play a central role. It includes risks or characteristics, information states, and a variety of measures that can be used to mitigate risks. Thus, an information assurance model can be extended in multiple ways. New characteristics can be introduced, additional information states can be identified, and new types of measures can be used to address those characteristics. The example characteristic considered here is the human characteristic. It refers to the risks associated with people using technologies whose behavior they cannot explain or predict, such as AI and ML. These two technologies, like many others, attempt to automate human effort related to thinking or reasoning. The way information assurance models can be extended and an example of an extension and several applications is provided. Finally, the concept of an information assurance profile of an IoT system is introduced. IA profiles are intended to summarize all of the elements of design that relate to information assurance, whether for purposes of security, privacy or even trust. They record how the characteristics and information states of IoT systems have been addressed. Profiles can be used later as guidance for developing information assurance for similar IoT systems, e.g., information assurance requirements for power systems and transportation systems.