Cyber security for consumer Internet of Things

ETSI has released ETSI EN 303 645 V2.1.1, which outlines 13 baseline requirements for secure consumer IoT devices:

  • No universal default passwords.

  • Implement a means to manage reports of vulnerabilities.

  • Keep software updated.

  • Securely store sensitive security parameters.

  • Communicate securely.

  • Minimize exposed attack surfaces.

  • Ensure software integrity.

  • Ensure that personal data is secure.

  • Make systems resilient to outages.

  • Examine system telemetry data.

  • Make it easy for users to delete user data.

  • Make installation and maintenance of devices easy.

  • Validate input data.

These requirements apply also to commercial solutions.

See the ETSI press release for more information.