IoTSF Supports New Global Consumer Cybersecurity Standard with Self Certification

ETSI TS 103 645 and IoTSF Mapping Document Released

February 19th, 2019

Today, the ETSI Technical Committee on Cybersecurity (TC CYBER) has announced a global standard for cybersecurity in the Internet of Things.

ETSI TS 103 645 is a high-level, baseline standard for Internet-connected consumer products which addresses the exploitation of poor security and consumer privacy. IoT products in scope include connected children’s toys and baby monitors, connected safety-relevant products such as smoke detectors and door locks, smart cameras, TVs and speakers, wearable health trackers, connected home automation and alarm systems, connected appliances (e.g. washing machines, fridges) or smart home assistants. As many IoT devices and services process and store personal data, this specification can help ensure that these are compliant with the General Data Protection Regulation (GDPR). 

To support the launch of the new standard, IoTSF has published a mapping document which translates the high-level provisions of ETSI TS 103 645 to the more detailed requirements contained in the IoT Security Compliance Framework (Framework). Companies that wish to claim conformance to the standard can now do so by using the mapping document in combination with the Framework to self-certify against the standard.

A Best Practice User Mark is available to use for free to those companies which follow the Framework and wish to declare conformance in their product marketing – more details can be found here.

John Moor, Managing Director of the IoT Security Foundation said “IoTSF welcomes the ETSI announcement as a significant and important development. Our recent work on Coordinated Vulnerability Disclosure policy shows that an alarming number of companies are failing to provision even the most basic of measures. A major challenge for security is cost, and with the publication of this standard, combined with the tools made available by the IoT Security Foundation, companies now have the apparatus to provide fit for purpose security with virtually no additional expense. We encourage companies to implement the standard and get moving right away.”

Richard Marshall,  Plenary Chair of the IoT Security Foundation also commented “Our aspiration extends beyond self-certification as we are also working on a third-party accreditation scheme based on the latest Framework. We are collaborating with our members and partners, which includes OEM’s and global test labs, to determine a Conformity Assessment Scheme which will also support the ETSI TS 103 645 specification. This is anticipated to go a long way to supporting current and future regulatory requirements including GDPR.”

About the IoT Security Compliance Framework

The IoT Security Compliance Framework is a comprehensive checklist to guide an organisation through the IoT security assurance process, gathering evidence in a structured manner to demonstrate conformance with best practice. It is intended to help all companies make high-quality, informed security choices by guiding them through a comprehensive requirement checklist and evidence gathering process. The evidence gathered during the process can used to declare conformance with best practice to customers and other stakeholders. A companion Questionnaire is available to document the evidence gathering process.

The Framework and Questionnaire are available as free downloads from the IoTSF website here 

The ETSI TS 103 645 Mapping document can be downloaded here

The ETSI press release can be seen here

For more information: [email protected]