The management and control of heterogeneous IoT devices in cyber-physical systems (CPS) involves ensuring authorized access to cloud-stored data, including instructions, commands, and configuration settings, and issuing them securely to IoT devices for remote execution. Existing access management techniques present various security challenges in ensuring fine-grained access control to sensitive data present on untrusted cloud servers. These challenges are further complicated by the need to dynamically evaluate contextual parameters linked to IoT devices before issuing instructions. This work proposes a secure and context-aware encryption technique for remote access control of IoT devices. Leveraging ciphertext-policy attribute-based encryption (CP-ABE), the scheme encrypts instructions, requiring the user’s decryption key to satisfy embedded access policies for access. The integration of access policies considers both user attributes and dynamic parameters associated with IoT devices, ensuring a comprehensive evaluation before access is granted. To verify the dynamic parameters, fog-based servers are employed, positioned in proximity to IoT devices for efficient and real-time assessment. The scheme introduces a two-phase decryption process, involving fog servers in generating key components based on the verified dynamic parameters (of IoT devices) that are combined with the user’s existing key to ensure secure partial decryption. Final decryption is performed by the user who securely sends instructions for execution on the IoT devices. Our proposed cryptosystem security and computational complexity analysis demonstrate the scheme’s effectiveness in achieving secure and context-aware IoT device access in dynamic CPS environments, ensuring efficient control, monitoring, and automation while preserving data privacy.