Category
Guidance Document
Type
Standard
Access
Open
Status
Active
Created
Sep 2020
This document provides cyber security guidance for manufacturers of Internet of Things (IoT) devices, such as drones, security cameras, smart televisions, solar inverters and other ‘smart’ devices. It outlines 13 secure-by-design principles from Australia’s AS ETSI EN 303 645 standard on cyber security for consumer IoT devices.
Main sections:
· No duplicated default or weak passwords
· Implement a vulnerability disclosure policy
· Keep software securely updated
· Securely store credentials
· Ensure that personal data is protected
· Minimise exposed attack surfaces
· Ensure communication security
· Ensure software integrity
· Make systems resilient to outages
· Monitor system telemetry data
· Make it easy for consumers to delete personal data
· Make installation and maintenance of devices easy
· Validate input data
· Further information
Main sections:
· No duplicated default or weak passwords
· Implement a vulnerability disclosure policy
· Keep software securely updated
· Securely store credentials
· Ensure that personal data is protected
· Minimise exposed attack surfaces
· Ensure communication security
· Ensure software integrity
· Make systems resilient to outages
· Monitor system telemetry data
· Make it easy for consumers to delete personal data
· Make installation and maintenance of devices easy
· Validate input data
· Further information
Access IoT Secure-by-Design Guidance for Manufacturers
By accessing this content, you are leaving this website. The Agency takes no responsibility for the accuracy of content on the destination page.