• Standard
  • DS/ETSI EN 303 645 V2.1.1:2020

DS/ETSI EN 303 645 V2.1.1:2020

CYBER – Cybersikkerhed for forbruger-IoT: Baselinekrav


Status:
Gældende
Type:
Standard
Sprog:
Engelsk
Pris fra:
kr. 145,00

Beskrivelse

The present document specifies high-level provisions for the security of consumer IoT devices, that are connected to
network infrastructure (such as the Internet or home network) and their relationships to associated services. These
relationships encompass both network communications and handling of personal data. A non-exhaustive list of
examples of consumer IoT devices include:
• connected children's toys and baby monitors;
• connected safety-relevant products such as smoke detectors and door locks;
• IoT base stations and hubs to which multiple devices connect;
• smart cameras, TVs and speakers;
• wearable health trackers;
• connected home automation and alarm systems, especially their gateways and hubs;
• connected appliances, such as washing machines and fridges; and
• smart home assistants.
Moreover, the present document addresses constrained devices, such as sensors and actuators. Such devices typically
have limited ability to process, communicate or store data, or limited user interfaces, which affects security
considerations.
EXAMPLE: Window contact sensors, flood sensors and energy switches are typically constrained devices.
The present document provides basic guidance through examples and explanatory text for organizations involved in the
development and manufacturing of consumer IoT on how to implement those provisions. Table B.1 provides a schema
for the reader to give information about the implementation of the provisions.
Applicability of these provisions depends on risk analysis; this is performed by the device manufacturer and/or other
relevant entities and is out of scope of the present document. For certain use cases and following risk assessment, it can
be appropriate to apply additional provisions than those contained within the present document. The present document
provides a foundation level of security for such higher assurance level use cases.
IoT products primarily intended to be used in manufacturing, healthcare or for other industrial applications are not in
scope of the present document.
The present document has been developed primarily to help protect consumers, however, other users of consumer IoT
equally benefit from the implementation of the provisions set out here.
Annex A (informative) of the present document has been included to provide context to main clause 4 (normative).
Annex A contains examples of device and reference architectures, an example model of device states including data
storage for each state and additional description of key stakeholders.

Antal sider: 36

Udgivet: 2020-07-09

Godkendelsesdato: 2020-07-08

Internationale relationer : ETSI EN 303 645 V2.1.1 (2020-06) IDT

ICS: 33.020 - Telekommunikation. Generelt

Varenummer: M338954


Udvalg og komiteer

Komite

  • ETSI/CYBER

Dansk udvalg

DS/V-002