EMC China Lab

Cybersecurity, UK PSTI, and ETSI EN 303 645

Views :
Update time : 2024-07-17

Overview of the PSTI Act

The UK's Product Security and Telecommunications Infrastructure (PSTI) Act is legislation aimed at enhancing the security of telecommunications infrastructure and products. This act specifically focuses on the security of Internet of Things (IoT) devices, mandating that all IoT products sold in the UK market meet specific security requirements. The goal of the PSTI Act is to reduce cybersecurity risks and protect consumers and businesses from potential security threats.

 

Cybersecurity, UK PSTI, and ETSI EN 303 645(图1)


Introduction to the ETSI EN 303 645 Standard

ETSI EN 303 645 is a set of IoT security standards developed by the European Telecommunications Standards Institute (ETSI). This standard aims to provide a series of security guidelines for the design, development, and production of IoT devices. It includes a range of fundamental requirements, such as secure booting without passwords, minimizing the attack surface, and ensuring the security of device software updates, to ensure IoT devices can withstand cyberattacks and data breaches. ETSI EN 303 645 is a globally recognized cybersecurity baseline standard adopted or intended to be adopted by many countries worldwide. It has been officially integrated into the IECEE Scheme, making it a universally accepted standard beyond Europe. Soon, we will see CB reports adopting the ETSI EN 303 645 standard.

 

Relationship Between PSTI and ETSI EN 303 645

The relationship between the PSTI Act and the ETSI EN 303 645 standard lies in the fact that the PSTI Act provides the legal framework and specific requirements for IoT device security, while ETSI EN 303 645 offers the technical guidance to achieve this framework. In other words, the PSTI Act defines the "what" of IoT device security, and the ETSI EN 303 645 standard explains the "how" to meet these security requirements.

 

So, what are the requirements of ETSI EN 303 645 that must be met to comply with the PSTI?

 

There are three main points:

1. Prohibition of Universal Passwords: Avoid using universal passwords and adopt secure encryption methods. The focus is on secure authentication, requiring customers to properly apply security protection protocols for various ports and comply with internationally accepted encryption principles.

 

2. Implementation of Vulnerability Disclosure Management: Companies must establish a vulnerability disclosure policy that allows researchers and users to report potential security issues. This means that companies need to set up a public vulnerability reporting mechanism and commit to timely response and remediation of reported vulnerabilities.

 

3. Transparency of Product Security Update Services: Companies should implement a secure software update mechanism, including the use of signature verification for update integrity and source. Additionally, they should notify users of available updates and possibly offer automatic update options.

 

Conclusion

As IoT devices play an increasingly important role in our daily lives, ensuring their cybersecurity becomes crucial. The UK's PSTI mandatory certification act is a pioneer in the cybersecurity certification market, and more countries and regions are expected to standardize their cybersecurity certification requirements in the future.

 

China JJR Laboratory offers PSTI and ETSI EN 303 645 services.


Email:hello@jjrlab.com


Leave Your Message


Write your message here and send it to us


Related News
Read More >>
Electric Kettle RoHS Testing Electric Kettle RoHS Testing
04 .06.2025
Electric kettle RoHS testing is essential for export. China JJR Lab offers fast, reliable RoHS testi...
Display RoHS Testing Display RoHS Testing
04 .06.2025
Display RoHS testing ensures EU compliance by limiting hazardous substances. Testing starts at $450....
electric blanket rohs testing electric blanket rohs testing
04 .06.2025
Electric blanket RoHS & CE testing for EU market compliance. China JJR Laboratory provides certi...
ISO 10993-5 Tests for In Vitro Cytotoxicity ISO 10993-5 Tests for In Vitro Cytotoxicity
04 .03.2025
ISO 10993-5 in vitro cytotoxicity testing evaluates the toxicity of medical devices and biomaterials...
FDA Designated Cytotoxicity Testing Laboratory FDA Designated Cytotoxicity Testing Laboratory
04 .03.2025
FDA-designated cytotoxicity testing lab, JJR China, offers FDA-compliant biocompatibility testing wi...
Cytotoxicity Testing Labs Cytotoxicity Testing Labs
04 .03.2025
Cytotoxicity testing ensures medical device safety. JJR Lab provides compliant certification, meetin...
Introduction to UL94 Flammability Testing Introduction to UL94 Flammability Testing
04 .03.2025
UL94 is a key plastic flammability test for safety and compliance in electronics, automotive, and mo...
Canada Electrical Product Compliance Certification Canada Electrical Product Compliance Certification
04 .03.2025
JJR Lab tests electrical products for compliance with Canadian standards (CSA C22.2/UL), ensuring th...

Leave Your Message