The cybersecurity standard is suitable for a wide range of consumer products including IoT gateways, wearables, monitors, door locks, televisions and speakers, and household smart appliances.
The ETSI EN 303 645 cybersecurity standard outlines 13 provisions or requirements for consumer IoT as follows:
- No universal default passwords
- Implement a means to manage reports of vulnerabilities
- Keep software updated
- Securely store and transmit personal data
- Minimize data collection
- Ensure secure communication
- Secure software
- Implement secure and documented communication
- Implement secure and documented storage
- Ensure software integrity
- Conduct a privacy impact assessment
- Define a secure lifecycle
- Provide a vulnerability disclosure policy
The standard also outlines a data protection provision, which requires manufacturers to provide features within consumer IoT devices that support the protection of personal data.