Consumer IoT Security Guidance

Consumer IoT has been a priority for the IoT Security Foundation since we were established in 2015 and we have worked with many stakeholders to improve the status of cybersecurity for consumers. We are pleased to continue this work with a series of guides and training webinars.

The Quick Guides and On-Demand Webinars build upon the ETSI EN 303 645 v2.1.1 (2020-06) specification on consumer IoT cybersecurity published in 2020. It is the first international standard of its kind and there is already evidence of governments publishing guidance and preparing legislation based on it. This will impact the IoT producer community – designers, developers, manufacturers and other vendors. These materials focus on the top 3 cyber security provisions for consumer IoT: No Universal Default Passwords, A Means to Manage Vulnerability Reports, and Keeping Software Updated.

UPDATE: Note that the UK’s PSTI Act came into force in December 2022 and the regulation will come into force on April 29th 2024. If you are a manufacturer, an authorised representative, an importer or a distributor of connected products bound for the UK market this directly affects you. More can be found on the UK Government’s website here: https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime