ETSI EN 303 645 CYBER SECURITY

ETSI EN 303 645 CYBER SECURITY TESTING SERVICES

The exponential increased number of connected IoT assets is creating new a paradigm where more powerful threats are emerging in numbers. Cybersecurity issues related cost has become one of the obstacles restricting the widespread deployment of IoT services and the main concern for manufacturers and vendors. National governments in various regions across the world are formulating and promulgating new IoT security regulations such as ETSI EN 303 645.  

WHAT IS ETSI EN 303 645 STANDARD?

The European Telecommunications Standards Institute, or ETSI standard released a new standard ETSI EN 303 645 in 2019, which brings together widely considered good practice in security for Internet-connected consumer devices in a set of high-level outcome-focused provisions. This standard is to support all parties involved in the development and manufacturing of consumer IoT with guidance on securing their products. Its focus is on the technical controls and organizational policies that matter most in addressing the most significant and widespread security shortcomings. Overall, a baseline level of security is considered; this is intended to protect against elementary attacks on fundamental design weaknesses such as the use of easily guessable passwords. 

OUR ETSI 303 645 CYBER SECURITY SERVICES AT A GLANCE

Our ETSI EN 303 645 testing experts are intimately familiar with the cyber fraud and data privacy regulations in specific markets and a deep understanding of the cyber threat field, working with customers around the world to fully unlock the potential of the digital future. Cyber security and data protection are one of our core capabilities. From product design, manufacturing to operations, we provide you with intimate support at every step to reduce the cybersecurity and data privacy disclosure risk. 

Below is a quick overview of the services that TÜV SÜD provides: 

  • ETSI EN 303 645 cyber security testing and evaluation service
  • IoT basic security check
  • Vulnerability Assessment and Penetration Testing
  • Data protection assessment to support your GDPR compliance

This is a non-exhaustive list of examples of consumer IoT devices that we can do ETSI cyber security testing for: 

  • Network and network device and related system
  • Smart home assistants
  • Connected children's toys and baby monitors
  • Connected smoke detectors, door locks and window sensors
  • IoT gateways, base stations and hubs to which multiple devices connect
  • Smart cameras, TVs and speakers
  • Wearable health trackers
  • Connected home automation and alarm systems
  • Connected household appliances, such as washing machines and fridges
  • Smart home assistants 

WHY IS ETSI EN 303 645 CYBER SECURITY IMPORTANT?

ETSI EN 303 645 is one of the first cohesive global standard for IoT cybersecurity. The standard presents an achievable, single target for manufacturers and IoT stakeholders to attain. The ETSI EN 303 645 also helps with consumer confidence in the security of everyday products that connect to the internet. As consumers are unlikely to understand the technicalities of their connected wearables or connected products, having products comply to ETSI EN 303 635 is an indicator that the product has meet some cybersecurity standards to ensure a degree of safety from cyber threats.

HOW DOES ETSI EN 303 645 TESTING BENEFIT BUSINESSES?

ETSI EN 303 645 is a cybersecurity standard for consumer IoT (CIoT) products, ensuring device security, communication integrity, and personal data privacy. This standard enables businesses to conduct precise assessments and testing for product conformance, providing several key benefits:

  • Competitive Advantage: ETSI EN 303 645 compliance indicates a commitment to cybersecurity, appealing to security-conscious consumers and providing a significant competitive edge.
  • Risk Mitigation: The standard helps identify and address security vulnerabilities in IoT devices, reducing the risk of cyberattacks, data breaches, and other security incidents, which protects the company’s reputation.
  • Proof of Quality: Compliance to ETSI EN 303 645 demonstrates that products meet recognised security standards, instilling consumer trust and potentially boosting sales and customer loyalty.
  • Streamlined Compliance: Aligning with this standard simplifies adherence to future regulations imposed by global regulatory bodies.
  • Cost Efficiency: It is less expensive than the repercussions of a security breach, such as financial losses and damage to reputation. Proactive security issue resolution can also reduce long-term costs.
  • Enhanced Product Development: Testing can reveal product flaws early, allowing improvements before mass production, which enhances product reliability and security.

WHY CHOOSE TÜV SÜD FOR ETSI EN 303 645 CYBER SECURITY? 

TÜV SÜD has multiple information security testing centers around the world to provide customers with optimized information security testing solutions and information security certifications. Our cyber security expert team is constantly learning the latest network security vulnerabilities and defense technologies. Senior experts play an active role in the standardization committee and international industry activities, understand the latest industry development trends, provide enterprises with more information security related tests services to reduce the risk of business information technology systems.

TÜV SÜD is recognised by IECEE CB to conduct testing for consumer-connected products against ETSI EN 303 645, to issue CB-type test reports and CB certificates for compliance with this standard. 


Your benefits at a glance

  • Gain competitive edge - by certifying your products as it is critical in competing with other well-established security products have already been evaluated.
  • Minimise risks - by certifying your products with a well-established cybersecurity standard such as ETSI EN 303 645
  • Proof of quality - by signaling to customers the cyber security of your products.

 

Frequently Asked Questions

 

  • What is the ETSI security framework?

    The ETSI EN 303 645 security framework is a globally accepted standard for consumer IoT devices. It defines a security baseline to safeguard IoT devices from common cyber threats and large-scale malicious attacks such as DDoS and spying of individuals personal lives.

    This framework provides 13 recommendations for IoT certification programs and recommends building security into the design itself.

     

  • What are the key elements of ETSI?

    The key elements of ETSI cyber security for consumer IoT devices are:

    1. No default and universal passwords
    2. Report device vulnerabilities to the OEM
    3. Keep the device software updated
    4. Protect the sensitive security parameters
    5. Secure communications
    6. Minimise exposed attack surfaces
    7. Uphold software integrity
    8. Secure the consumer’s personal data
    9. Design systems that are resilient to outages
    10. Examine the telemetry data of the system
    11. Allow users to delete personal data
    12. Easily install and maintain IoT devices
    13. Validate all input data

     

EXPLORE

Consumer Products and Retail Essentials
E-ssentials

Consumer Products & Retail Essentials

Consumer trust is key when you manufacture or retail products that are part of everyone’s daily life

Learn more

Consumer IoT Security
Stories

Consumer IoT Security

How can we ready ourselves in the face of cyber attacks?

Learn more

Introduction to IoT vulnerabilities teaser
Webinar
VIEW ALL INDUSTRY RESOURCES

Next Steps

Site Selector