ETSI EN 303 645 / Consumer IoT
For most of the time, consumer products have been regarded and rated only based on their functionalities, and of course their price.
However, recently discovered security vulnerabilities and attacks on such products such as the Mirai botnet are making users more aware about the cybersecurity risks. Moreover, the fact that these products are connected to the same network to which other sensitive services or data is being stored or processes, makes their security impact much larger. Developers and architects determine the security of these products, and international standards and best practices are the best ways to guide security implementations.
HOW LCIE CAN HELP
LCIE Bureau Veritas can support with testing and certification based on the most relevant international publications in the domain of consumer products.
CONSUMER IOT CERTIFICATION
Consumer IoT products need to have a very well-thought-out approach towards security assessments and certification. It requires efficient and effective testing, with limited effort and costs. Moreover, such a certification program needs to take into account the high-paced software update process associated with these products. Certification for IoT products (based on Common Criteria or ETSI EN 303 645) is currently voluntary.
On the other hand, there are international discussions on mandating (by regulation) a minimum of security features linked to these connected products. For example, in the EU, the Radio Equipment Directive (RED) will shortly incorporate requirements linked to cybersecurity. These requirements will ask for protection of software updates, confidentiality of personal data, as well as protection against malicious impact on the other components connected to the same network.
Bureau Veritas can support with consumer IoT certification based on ETSI EN 303 645 and Common Criteria, as well as tailored testing in line with the security requirements of the RED.
Support and Preparation
– Design Reviews
Compliance and Testing
– ETSI EN 303 645
– BV IoT Class 1 (CTIA 1)