The Connectivity Standards Alliance (CSA) Product Security Working Group has launched the IoT Device Security Specification 1.0 in a bid to establish a unified IoT cybersecurity standard and certification program.
The IoT Device Security Specification 1.0 will provide manufacturers a one-stop solution to certify their devices, enabling them to comply with multiple international regulations and standards more easily. With the increasing adoption of consumer IoT devices, there is a heightened emphasis on security due to the risk of data breaches. The Product Security Working Group aims to meet this challenge by consolidating requirements from the three most popular IoT Cybersecurity baselines from the United States, Singapore, and Europe into a single specification and certification program.
The Product Security's IoT Device Security Specification includes dozens of specific device security provisions. IoT Device Manufacturers must demonstrate compliance with those provisions, supplying justifications and evidence to an Authorised Test Laboratory with expertise in security evaluation and experience certifying products relative to this specification.
Highlights of the specific requirements include:
- Unique identity for each IoT Device
- No hardcoded default passwords
- Secure storage of sensitive data on the Device
- Secure communications of security-relevant information
- Secure software updates throughout the support period
- Secure development process, including vulnerability management
- Public documentation regarding security, including the support period
The Product Security Verified Mark is confirmation a product meets the specification's security requirements, with the goal of inspiring consumer confidence. When displayed prominently on certified product packaging, store signage, and online platforms, this Verified Mark aims to build trust by serving as a marker for secure IoT devices. A printed URL, hyperlink, QR code on the Product Security Verified Mark gives consumers access to more information about the device's security features.
The specification encompasses a broad spectrum of smart home devices such as light bulbs, switches, thermostats, and doorbell cameras. By consolidating several international regulations into a single set of requirements, the Certification Program streamlines the process, helping manufacturers meet certification criteria from multiple countries or regions with a single evaluation.