The Connectivity Standards Alliance’s Product Security Working Group is delighted to unveil the IoT Device Security Specification 1.0, alongside its certification programme and Product Security Verified Mark. This pioneering initiative aims to set a unified IoT cybersecurity standard and certification programme, offering manufacturers a comprehensive solution for certifying their devices. This will enable them to more easily comply with a range of international regulations and standards.
Tobin Richardson, President & CEO of the Connectivity Standards Alliance, stated: “The launch of the IoT Device Security Specification 1.0, its certification programme, and the Product Security Verified Mark marks a significant step forward in enhancing IoT security and building consumer trust. By integrating diverse international regulations into a single specification, the Product Security Certification Programme simplifies the process, minimises redundancy, and offers manufacturers a unified, recognised route for certifying their devices worldwide.”
With the growing use of consumer IoT devices, the emphasis on security is increasing due to a rise in breaches and malicious device hijackings. The Product Security Working Group seeks to address this challenge by amalgamating requirements from the three leading IoT Cybersecurity baselines from the United States, Singapore, and Europe into one specification and certification programme. This consolidation helps manufacturers address the requirements of these regulatory regimes more easily and efficiently, aiming to boost confidence among consumers and regulators.
Steve Hanna of Infineon Technologies AG and Chair of the Product Security Working Group Steering Committee, commented: “As consumers enjoy the convenience and benefits of IoT devices, the Alliance is committed to enhancing consumer protection. This initiative seeks to establish a comprehensive baseline for all consumer IoT devices. The Alliance’s Product Security Verified Mark and IoT Device Security Specification 1.0 will simplify the process for manufacturers to meet global consumer IoT security requirements.”
IoT Device Security Specification 1.0 Requirements: The IoT Device Security Specification encompasses numerous specific device security measures. IoT Device Manufacturers must prove compliance with these measures, providing justifications and evidence to an Authorised Test Laboratory with expertise in security evaluation and experience in certifying products according to this specification.
Key requirements include:
- Unique identity for each IoT Device
- No hardcoded default passwords
- Secure storage of sensitive data on the Device
- Secure communications of security-relevant information
- Secure software updates throughout the support period
- Secure development process, including vulnerability management
- Public documentation on security, including the support period
Nearly 200 member companies, such as Amazon, Arm, Comcast, Google, Infineon Technologies AG, NXP Semiconductors, Schneider Electric, Signify (Philips Hue and WiZ), and Silicon Labs, have collaborated on the IoT Device Security Specification 1.0, its certification programme, and Product Security Verified Mark. These companies combined their technologies, expertise, and innovations to meet the varied needs of stakeholders, including consumers, device manufacturers, and regulators.
The Product Security Certification Programme and Verified Mark: The Product Security Certification Programme covers a wide array of smart home devices, setting minimum requirements for IoT devices. By amalgamating several international regulations into one set of requirements, the Certification Programme simplifies the process for manufacturers to meet certification criteria from multiple countries or regions with a single evaluation.
The Product Security Verified Mark signals that a product meets the specification’s security requirements, aiming to bolster consumer confidence. Displayed on certified product packaging, store signage, and online platforms, this Verified Mark fosters trust as a symbol of secure IoT devices. A printed URL, hyperlink, QR code, or a mix of these on the Product Security Verified Mark offers consumers additional information about the device’s security features.
Looking Forward: As technology evolves and new threats arise, the Product Security Working Group is dedicated to continually updating the IoT Security Device Specification and its certification programme. To learn more about joining the next phase of IoT, visit here and become a Member of the Connectivity Standards Alliance.
There’s plenty of other editorial on our sister site, Electronic Specifier! Or you can always join in the conversation by commenting below or visiting our LinkedIn page.