ETSI has released ETSI EN 303 645 V2.1.1, which outlines 13 baseline requirements for secure consumer IoT devices:
- No universal default passwords.
- Implement a means to manage reports of vulnerabilities.
- Keep software updated.
- Securely store sensitive security parameters.
- Communicate securely.
- Minimize exposed attack surfaces.
- Ensure software integrity.
- Ensure that personal data is secure.
- Make systems resilient to outages.
- Examine system telemetry data.
- Make it easy for users to delete user data.
- Make installation and maintenance of devices easy.
- Validate input data.
These requirements apply also to commercial solutions.
See the ETSI press release for more information.