Consumer IoT (ETSI EN 303 645) Cybersecurity

ETSI EN 303 645 is the first globally applicable Cybersecurity
Standard for Consumer IoT Devices.
section-97f4a6d

IoT cybersecurity solutions

Reduce the risk of cyber-attacks and ensure the security of IoT devices.

IoT devices often perform data collection, data exchange, data processing, and data reaction tasks. The IoT device market is rapidly growing, with a large number of devices being deployed in a wide range of sectors, including healthcare (IoMT), manufacturing (IIoT), energy (IoT), and transportation.

One of the key challenges in the IoT device market is cybersecurity. Because IoT devices are connected to a network, they are vulnerable to cyber attacks that can compromise the confidentiality, integrity, and availability of the device, and the information it processes.

This can have serious consequences, especially for devices that handle sensitive information or are critical to the operation of a system.To address these challenges, manufacturers and other stakeholders need to implement robust cybersecurity measures and follow relevant regulations and standards. This can help to reduce the risk of cyber-attacks and ensure the security of IoT devices.

Number of internet of Things (IoT) connected devices worldwide from 2019 to 2021, with forecast from 2022 to 2030 (in billions).

IoT Security Standards are regulatory standards for the security of IoT devices.

section-6f6a2cc

ETSI EN 303 645 - The Cybersecurity Standard for
Consumer IoT Devices


ETSI EN 303 645 is a technical specification developed by the European
Telecommunications Standards Institute (ETSI) that provides guidelines for the
security of Internet of Things (IoT) devices.

ETSI EN 303 645 is the first globally applicable Cybersecurity Standard for Consumer IoT Devices. Consumer IoT Products are internet-connected devices that any person can have at home nowadays. This standard covers consumer IoT devices that are connected to network infrastructure and their interactions with associated services, like smart tv’s, CCTV cameras, speakers, connected home automation devices, IoT gateways, base stations, HUBs, wearable health trackers, baby monitors, IoMT devices, connected home appliances like smart refrigerators and washing machines, or connected alarm systems, door locks, smoke detectors, among many others. The ETSI 303 645 standard aim is to prepare these devices to be protected against the most common cybersecurity threats and to prevent large-scale attacks against connected devices.
It provides a basis for future IoT certification schemes. ETSI EN 303 645 contains a set of 13 cybersecurity categories and some provisions specifically focused on Data Protection.
In addition to providing guidelines for device security,
ETSI EN 303 645 also includes recommendations for the management of security risks, including the identification and assessment of risks, the implementation of controls to mitigate those risks, and the ongoing monitoring of risks.
The standard contains regulations to improve device security and minimize cyber threats. It helps manufacturers of consumer IoT devices to provide a range of features that protect their customers' personal data while complying with privacy laws and regulations (e.g. GDPR). It is the foundation of future IoT certification systems.

How to comply with the ETSI EN 303 645 standard?


Manufacturers must implement the requirements defined by the ETSI EN 303 645
standard in their products to get them certified. The ETSI EN 303 645 standard
includes 33 cybersecurity requirements and 35 cybersecurity recommendations.

section-5b0cfb4
GET PREPARED FOR ETSI 303 645

Teligencia Labs will support your documentation needs by providing you the templates of the DUT (Device Under Test) Identification, the Implementation Conformance Statement (ICS), and the Implementation of eXtra Information for Testing (IXIT), with guidelines on how to fill them out.

GET YOUR PRODUCT EVALUATED

Get your product tested by Teligencia Labs. We evaluate your product and issue an evaluation report of your product at the end of the project. The issued Statement of Conformity can be a good basis for further certification.

section-cd9b517

What ETSI EN 303 645 compliance services does Teligencia Labs offer?

How can we help?

  • Training/Consultancy - We offer workshops to guide developers on their journey to ETSI EN 303 645 compliance. We provide insights and document templates for preparing the ICS, IXIT, and additional documentation needed for an evaluation.
  • Gap Analysis: - We assess the products to determine the differences between the current security implementation and the provisions defined in ETSI EN 303 645.
  • Product Evaluation: - We evaluate the product based on the applicable provisions of the ETSI EN 303 645 and will issue a conformance evaluation report as well as the identified security gaps.
  • Statement of Conformity - Teligencia Labs issues a Statement of Conformity when the evaluated product meets the requirements defined in ETSI EN 303 645

Got any questions?
Book a free consultation with our expert!

Get in touch with us!


info@teligencia.com

Contact Us

Request a Quote