ETSI EN 303 645 IoT Certification Test Laboratory

With the rapid development of IoT technology, smart devices have penetrated into every aspect of our lives. From wearable health tracking devices to smart home systems to smart surveillance cameras, IoT products have become an important part of modern life. However, with the popularity of IoT products, their security issues have become increasingly prominent. In order to ensure the security of IoT products, the European Telecommunications Standards Institute (ETSI) officially released the ETSI EN 303 645 standard in 2020, which is the first global cybersecurity standard for consumer IoT products.

The importance of the ETSI EN 303 645 standard is self-evident. It provides an effective evaluation method to greatly reduce the risk of device intrusion or abuse. At the same time, the standard also meets the requirements of GDPR, protects personal data and consumer privacy, and this standard has been directly adopted/widely cited by many countries. In the context of the increasingly severe current cybersecurity situation, the implementation of the ETSI EN 303 645 standard is of great significance to improving the security of IoT products.

ETSI EN 303 645 Cybersecurity 13 provisions

1. No universal default passwords
2. Implement a management method for vulnerability reports
3. Keep software updated
4. Store sensitive security parameters securely
5. Secure communications
6. Minimize exposed attack surfaces
7. Ensure software integrity 8.
Ensure the security of personal data
9. Make the system resistant to interruptions
10. Check the system's telemetry data
11. Enable users to easily delete user data
12. Make device installation and maintenance simple
13. Validate input data

Scope of application of ETSI EN 303 645

• Smart children's toys and baby monitors;
• Smart smoke detectors, door locks and window sensors;
• IoT gateways, base stations and hubs that connect multiple devices;
• Smart cameras, TVs and speakers;
• Wearable health trackers;
• Connected home automation and alarm systems, and related gateways and hubs;
• Connected devices such as washing machines and refrigerators;
• Smart home assistants.

ETSI EN 303 645 has been included in the CB Scheme

On August 2, 2023, the ETSI EN 303645 standard was officially incorporated into the CB system.

TEPCO's Software and Information Security Laboratory has comprehensive software and hardware network security testing capabilities (such as GB/T25001.25, EN303 645 and other standards), and can help customers meet relevant Chinese network security standards and international network security baseline requirements in product software and hardware.