Cyber security for consumer Internet of Things
ETSI has released ETSI EN 303 645 V2.1.1, which outlines 13 baseline requirements for secure consumer IoT devices:
No universal default passwords.
Implement a means to manage reports of vulnerabilities.
Keep software updated.
Securely store sensitive security parameters.
Communicate securely.
Minimize exposed attack surfaces.
Ensure software integrity.
Ensure that personal data is secure.
Make systems resilient to outages.
Examine system telemetry data.
Make it easy for users to delete user data.
Make installation and maintenance of devices easy.
Validate input data.
These requirements apply also to commercial solutions.
See the ETSI press release for more information.