EMC China Lab

Introduction to PSTI and ETSI EN 303 645 Standards

Views :
Update time : 2024-07-17

What is PSTI?

The UK's PSTI Act is a legislative measure aimed at enhancing the security of telecommunications infrastructure and products. This Act specifically focuses on the security of Internet of Things (IoT) devices, requiring all IoT products sold in the UK market to meet specific security requirements. The goal of the PSTI Act is to reduce cybersecurity risks and protect consumers and businesses from potential security threats.

 

Introduction to PSTI and ETSI EN 303 645 Standards(图1)


What is ETSI EN 303 645?

ETSI EN 303 645 is a set of IoT security standards developed by the European Telecommunications Standards Institute (ETSI). These standards aim to provide a series of security guidelines for the design, development, and production of IoT devices. They include a range of fundamental requirements such as secure boot without passwords, minimizing exposed attack surfaces, and ensuring the security of device software updates, all to ensure that IoT devices can withstand cyberattacks and data breaches. ETSI EN 303 645 is a baseline cybersecurity standard adopted or proposed for adoption by most countries globally and has been officially included in the IECEE Scheme. It is no longer limited to Europe and has become a universally recognized standard. Soon, we will see CB reports adopting the ETSI EN 303 645 standard.

 

The Relationship Between PSTI and ETSI EN 303 645

The relationship between the PSTI Act and the ETSI EN 303 645 standard lies in the fact that the PSTI Act provides the legal framework and specific requirements for IoT device security, while ETSI EN 303 645 offers the technical guidelines for achieving this framework. In other words, the PSTI Act defines the "what" of IoT device security, and the ETSI EN 303 645 standard explains "how" to meet these security requirements.

So, what requirements must be met by following PSTI and ETSI EN 303 645?

 

Three main points are:

1. Prohibit Universal Passwords: Avoid using universal passwords by adopting secure encryption methods. Authentication is a key consideration here, requiring clients to correctly apply security protection protocols for various ports and adhere to international standard encryption principles.

2. Implement Vulnerability Disclosure Management: Companies must establish a vulnerability disclosure policy allowing researchers and users to report potential security issues. This can be understood as the need for companies to set up a public vulnerability reporting mechanism and commit to promptly responding to and fixing reported vulnerabilities.

3. Transparency of Product Security Update Services: Companies should implement a secure software update mechanism, including using signature verification for the integrity and source of updates. Additionally, they should inform users about available updates and possibly provide automatic update options.

 

Conclusion

As IoT devices play an increasingly important role in our daily lives, ensuring their cybersecurity becomes crucial. The UK's mandatory PSTI certification is just a pioneer in the cybersecurity certification market, and more countries and regions will standardize cybersecurity certification requirements in the future. China JJR Laboratory provides PSTI certification services for corporate clients as an IEC 17025 authorized laboratory. We welcome you to request a quote.


Email:hello@jjrlab.com


Leave Your Message


Write your message here and send it to us


Related News
Read More >>
IEC EN 61326 Report for Electrical and Laboratory IEC EN 61326 Report for Electrical and Laboratory
01 .23.2025
China JJR Laboratory offers IEC EN 61326 testing for electrical and laboratory equipment, ensuring E...
CE Testing Fees for Charging Piles and Charging Gu CE Testing Fees for Charging Piles and Charging Gu
01 .23.2025
JJR Lab offers CE testing for charging piles and guns, ensuring compliance with LVD, EMC, RoHS, and ...
E-Mark Certification for Vehicle Electronic Applia E-Mark Certification for Vehicle Electronic Applia
01 .23.2025
JJR Lab provides professional E-Mark certification testing to ECE standards, ensuring fast, reliable...
Introduction to Common FCC Standards and Label Req Introduction to Common FCC Standards and Label Req
01 .23.2025
JJR Lab offers FCC certification testing per standards like PART 15 (intentional/unintentional emitt...
Introduction to FCC Part 15 Standards Introduction to FCC Part 15 Standards
01 .23.2025
FCC Part 15 sets EMC limits for RF devices to prevent interference. JJR Lab provides testing for rad...
Compliance Guide for Universal Charger CE Certific Compliance Guide for Universal Charger CE Certific
01 .23.2025
From December 28, 2024, EU mandates USB Type-C ports (EN IEC 62680-1-3:2022) for devices. JJR Lab of...
Amazon Canada: Candle and Candleholder Certificati Amazon Canada: Candle and Candleholder Certificati
01 .22.2025
Amazon Canada requires candles and candleholders to meet specific regulations and standards. JJR Lab...
Compliance for Baby Pacifiers & Clips on Amazo Compliance for Baby Pacifiers & Clips on Amazo
01 .22.2025
Ensure compliance for baby pacifiers & clips on Amazon Australia with AS 2432, EN 1400, or EN 12...

Leave Your Message