ETSI Security Week: Consumer IoT security standards
Jasper Pandza, Moderator, Gisela Meister
About this talk
A significant proportion of consumer Internet of Things (IoT) or ‘smart’ products currently on the market lack basic cyber security provisions. ETSI TC CYBER has developed European Standard (EN) 303 645 “Cyber Security for Consumer Internet of Things: Baseline Requirements”, which is expected to be published in July, to bring together widely considered good security / privacy practice for consumer IoT devices. The EN has been developed in collaboration with CEN/CENELEC JTC 13 experts. It is expected to inform the development of new legislation on IoT security in Europe and beyond.
TC CYBER is also taking forward TS 103 701, which will set out test scenarios for assessing products against EN 303 645. It is to set out mandatory and recommended assessments, as well as guidance and examples to support their implementation. The document is intended to be used by testing labs and certifying bodies that provide assurance on the security of relevant products, as well as manufacturers that wish to carry out a self-assessment. The document is intended as input to a future EU common cybersecurity certification scheme as proposed in the Cybersecurity Act.