TR 91 : 2021
Cybersecurity labelling for consumer IoT
Synopsis PDF For Preview Only
This standard introduces a multi-levelled and cost-effective cybersecurity labelling for consumer IoT. It aims to raise the cybersecurity hygiene of the IoT ecosystem by improving the transparency of cybersecurity provisions. Cybersecurity labelling for consumer IoT provides a basic level of security assurance through the elimination of common vulnerabilities using a simple, tiered, and progressive assessment model for IoT devices that avoids resource-intensive security evaluations.
It also provides a basic level of security hygiene which is typically expected for consumer IoT, i.e. to be able to deter casual adversaries utilising common attack vectors such as default factory credentials or the exploitation of vulnerable protocols. It does not offer formal security assurance. Given sufficient time, determined adversaries who possess advanced skillsets and tools can be capable of compromising such IoT devices, regardless of whether it is labelled. Users seeking higher security assurance – e.g. enterprise, manufacturing, industrial applications and healthcare – are strongly recommended to consider devices certified under formal evaluation and certification schemes
General Information
Status | Current |
---|---|
Edition | 2021 |
No. of Pages | 23 |
ICS Classification | 35.030 IT Security |
Committee | Information Technology Standards Committee |
Available for Purchase | Global |
Adoption |
TR 68 - 3 : 2021
Autonomous vehicles – Part 3 : Cybersecurity principles and assessment framework
TR 68 - 3 (Redline version) : 2021
Autonomous vehicles – Part 3 : Cybersecurity principles and assessment framework
WA 1 : 2021
Cybersecurity self-evaluation checklist and guidelines for digitalisation in manufacturing
SS ISO/IEC 21878 : 2019
Information technology — Security techniques - Security guidelines for design and implementation of virtualised servers
SS IEC 62443 - 4-1 : 2018
Security for industrial automation and control systems – Part 4-1: Secure product development lifecycle requirements
Comments