ETSI EN 303 645 for IoT Security

IoT Product Security/Privacy Protection ETSI EN 303 645
After nearly 10 years of development, the implementation of the Internet of Things in various industries has begun to accelerate. While bringing convenience to connected consumers, IoT cybersecurity issues have gradually emerged. The IoT devices are frequently attacked by hackers since the products' security is insufficient. To prevent large scale attacks, ETSI (European Telecommunications Standards Institute) released the consumer IoT devices security and privacy protection standard ETSI EN 303 645 in June 2020, covering IoT products including wearable health tracking devices, smart voice assistants, smart home assistants, door locks, video surveillance cameras, smart refrigerators, washing machines, etc.; compliant with the requirements of ETSI EN 303 645 cybersecurity standard to ensure consumer IoT security and protect consumers' privacy and personal data.
ETSI EN 303 645 Security Standard for Consumer IoT Covering 13 Categories
There are 13 categories from different areas are covered by ETSI regulations and requirements for IoT product security and privacy:
  • No universal default passwords.
  • Implement a means to manage reports of vulnerabilities.
  • Keep software updated.
  • Securely store sensitive security parameters.
  • Communicate securely.
  • Minimize exposed attack surfaces.
  • Ensure software integrity.
  • Ensure that personal data is secure.
  • Make systems resilient to outages.
  • Examine system telemetry data.
  • Make it easy for users to delete personal data.
  • Make installation and maintenance of smart devices easy.
  • Validate input data.
IoT Product Security/Privacy Compliance Consultant
ETSI EN 303 645 provides a basic cybersecurity requirement that enables products to withstand critical cybersecurity threats and comply with GDPR requirements for personal data protection and consumer privacy. Onward Security is the only ETSI EN 303 645 testing lab authorized by TAF ISO 17025 in Taiwan; it builds a testing environment and conducts detailed tests according to the physical products and related technical documents. The entire test results correspond to ETSI regulations and requirements, and it provides customers with product test reports, as well as elaborates the test results and professional advice.
At present, the regulations or schemes of many countries have adopted the ETSI EN 303 645, the globally applicable standards, including EU CSA, RED, Singapore CLS, and more. Onward Security ISO 17025 security labs in Taiwan and Japan are both ETSI EN 303 645 authorized and able to provide testing and consulting services to local IoT device manufacturers to ensure their products comply with local cybersecurity directives and privacy protection standards that can be time to market successfully.