IoT devices often perform data collection, data exchange, data processing, and data reaction tasks. The IoT device market is rapidly growing, with a large number of devices being deployed in a wide range of sectors, including healthcare (IoMT), manufacturing (IIoT), energy (IoT), and transportation.
One of the key challenges in the IoT device market is cybersecurity. Because IoT devices are connected to a network, they are vulnerable to cyber attacks that can compromise the confidentiality, integrity, and availability of the device, and the information it processes.
This can have serious consequences, especially for devices that handle sensitive information or are critical to the operation of a system.To address these challenges, manufacturers and other stakeholders need to implement robust cybersecurity measures and follow relevant regulations and standards. This can help to reduce the risk of cyber-attacks and ensure the security of IoT devices.
IoT Security Standards are regulatory standards for the security of IoT devices.
ETSI EN 303 645 is a technical specification developed by the European Telecommunications Standards Institute (ETSI) that provides guidelines for the security of Internet of Things (IoT) devices.
ETSI EN 303 645 is the first globally applicable Cybersecurity Standard for Consumer IoT Devices. Consumer IoT Products are internet-connected devices that any person can have at home nowadays. This standard covers consumer IoT devices that are connected to network infrastructure and their interactions with associated services, like smart tv’s, CCTV cameras, speakers, connected home automation devices, IoT gateways, base stations, HUBs, wearable health trackers, baby monitors, IoMT devices, connected home appliances like smart refrigerators and washing machines, or connected alarm systems, door locks, smoke detectors, among many others. The ETSI 303 645 standard aim is to prepare these devices to be protected against the most common cybersecurity threats and to prevent large-scale attacks against connected devices.
It provides a basis for future IoT certification schemes. ETSI EN 303 645 contains a set of 13 cybersecurity categories and some provisions specifically focused on Data Protection.
In addition to providing guidelines for device security,
ETSI EN 303 645 also includes recommendations for the management of security risks, including the identification and assessment of risks, the implementation of controls to mitigate those risks, and the ongoing monitoring of risks.
The standard contains regulations to improve device security and minimize cyber threats. It helps manufacturers of consumer IoT devices to provide a range of features that protect their customers' personal data while complying with privacy laws and regulations (e.g. GDPR). It is the foundation of future IoT certification systems.
Download our ETSI EN 303 635 infographics today and learn about the product certification process for this consumer IoT device cybersecurity standard.
Manufacturers must implement the requirements defined by the ETSI EN 303 645 standard in their products to get them certified. The ETSI EN 303 645 standard includes 33 cybersecurity requirements and 35 cybersecurity recommendations.
CCLab will support your documentation needs by providing you the templates of the DUT (Device Under Test) Identification, the Implementation Conformance Statement (ICS), and the Implementation of eXtra Information for Testing (IXIT), with guidelines on how to fill them out.
Get your product tested by CCLab. We evaluate your product and issue an evaluation report of your product at the end of the project. The issued Statement of Conformity can be a good basis for further certification.
Training/Consultancy - We offer workshops to guide developers on their journey to ETSI EN 303 645 compliance. We provide insights and document templates for preparing the ICS, IXIT, and additional documentation needed for an evaluation.
Gap Analysis: - We assess the products to determine the differences between the current security implementation and the provisions defined in ETSI EN 303 645.
Product Evaluation: - We evaluate the product based on the applicable provisions of the ETSI EN 303 645 and will issue a conformance evaluation report as well as the identified security gaps.
Statement of Conformity - CCLab issues a Statement of Conformity when the evaluated product meets the requirements defined in ETSI EN 303 645.
Do you want to know more about Consumer IoT Cybersecurity?
Due to the upcoming deadline, QIMA and CCLab are organizing a joint webinar to familiarize registrants with the details of PSTI, which products it affects, to whom it applies and to present its relevant services.
As the IoT device market is rapidly growing, one of the most important challenges in the IoT device market is cybersecurity. Because these devices are connected to a network, they are vulnerable to cyberattacks that could compromise the confidentiality, integrity, and availability of the device and the information it processes. This can have serious consequences.
Evaluation team was extremely reasonable and flexible with resolution to findings and was helpful in finding agreeable solutions for CB comments. Consultation team was always responsive and helped shape the documentation for easier evaluation, and provided useful recommendations on satisfying SFR/SARs.
CCLab was well prepared, flexible during the whole evaluation process, and supported us with continuous communication and guidance. Many lessons were learnt during the project and CCLab has always been looking for solutions, supporting our developers the best way they could. The new Swiss evaluation methodology was a good and professional basis to work with, but both parties had to learn how to deal with it.
The relationship between Corsec and CCLab has been instrumental in helping product vendors successfully complete the Common Criteria certification process. As a Common Criteria consultant to the product vendor, Corsec relies on CCLab’s responsiveness and expertise to quickly and thoroughly complete the testing component of the process. CCLab has been essential in managing multiple projects, their professionalism has helped ensure product vendor satisfaction and ultimate project success.
"I would definitely recommend CCLab to anyone in need of Common Criteria certification. Our cooperation was comfortable, well organized and efficient. I am totally satisfied with the result."
The CCLab team gave us full support to adapt to the changes during product development. Whatever the challenges faced they could keep the due dates and we were able to complete the process quickly and efficiently. The real agile lab helped our success. We are going to work with them again. I highly recommend them to anyone wanting to get its product certified.
It was a well-managed project which achieved success in an effortless manner.
We needed a lab that works quickly but with high work morale and quality of work. CCLab is exactly like that! It was good cooperation experience to work with them. The project was rather complex and our expectations maybe even too high, but the team was committed to the common goals and could keep the milestones; therefore we were able to deliver what was needed. I highly recommend CCLab team to anyone for their great team spirit, quality orientations, agility and reasonable pricing.
On behalf of Ascertia, accept my appreciation for the excellent job done by CCLab team over the past several months in achieving the Common Criteria Certificate for ADSS Server SAM solution. It was an enormous undertaking but went smoothly and efficiently! Thanks to your leadership and dedication combined with your staff's teamwork and energy, we achieved our target. You and your employees should take great pride in this accomplishment. We look forward to extend our work with you for our next certification milestone and hope will continue to get such excellent service.
Thanks to the agile processes we've been able to add new features to the product during the evaluation that made it even more valuable to customers. CCLAB efficiently supported us throughout the whole change management process. The predictability, accurate scheduling, and supportive mindset helped us to finish the project in time.