EMC China Lab

Introduction to PSTI and ETSI EN 303 645 Standards

Views :
Update time : 2024-07-17

What is PSTI?

The UK's PSTI Act is a legislative measure aimed at enhancing the security of telecommunications infrastructure and products. This Act specifically focuses on the security of Internet of Things (IoT) devices, requiring all IoT products sold in the UK market to meet specific security requirements. The goal of the PSTI Act is to reduce cybersecurity risks and protect consumers and businesses from potential security threats.

 

Introduction to PSTI and ETSI EN 303 645 Standards(图1)


What is ETSI EN 303 645?

ETSI EN 303 645 is a set of IoT security standards developed by the European Telecommunications Standards Institute (ETSI). These standards aim to provide a series of security guidelines for the design, development, and production of IoT devices. They include a range of fundamental requirements such as secure boot without passwords, minimizing exposed attack surfaces, and ensuring the security of device software updates, all to ensure that IoT devices can withstand cyberattacks and data breaches. ETSI EN 303 645 is a baseline cybersecurity standard adopted or proposed for adoption by most countries globally and has been officially included in the IECEE Scheme. It is no longer limited to Europe and has become a universally recognized standard. Soon, we will see CB reports adopting the ETSI EN 303 645 standard.

 

The Relationship Between PSTI and ETSI EN 303 645

The relationship between the PSTI Act and the ETSI EN 303 645 standard lies in the fact that the PSTI Act provides the legal framework and specific requirements for IoT device security, while ETSI EN 303 645 offers the technical guidelines for achieving this framework. In other words, the PSTI Act defines the "what" of IoT device security, and the ETSI EN 303 645 standard explains "how" to meet these security requirements.

So, what requirements must be met by following PSTI and ETSI EN 303 645?

 

Three main points are:

1. Prohibit Universal Passwords: Avoid using universal passwords by adopting secure encryption methods. Authentication is a key consideration here, requiring clients to correctly apply security protection protocols for various ports and adhere to international standard encryption principles.

2. Implement Vulnerability Disclosure Management: Companies must establish a vulnerability disclosure policy allowing researchers and users to report potential security issues. This can be understood as the need for companies to set up a public vulnerability reporting mechanism and commit to promptly responding to and fixing reported vulnerabilities.

3. Transparency of Product Security Update Services: Companies should implement a secure software update mechanism, including using signature verification for the integrity and source of updates. Additionally, they should inform users about available updates and possibly provide automatic update options.

 

Conclusion

As IoT devices play an increasingly important role in our daily lives, ensuring their cybersecurity becomes crucial. The UK's mandatory PSTI certification is just a pioneer in the cybersecurity certification market, and more countries and regions will standardize cybersecurity certification requirements in the future. China JJR Laboratory provides PSTI certification services for corporate clients as an IEC 17025 authorized laboratory. We welcome you to request a quote.


Email:hello@jjrlab.com


Leave Your Message


Write your message here and send it to us


Related News
Read More >>
20 MHz-80 MHz Low-Frequency Radiation Immunity Tes 20 MHz-80 MHz Low-Frequency Radiation Immunity Tes
12 .23.2024
20 MHz-80 MHz Low-Frequency Radiation Immunity Testing: JJR Laboratory offers certified testing, fas...
Amazon Wireless FCC RF Compliance Amazon Wireless FCC RF Compliance
12 .23.2024
Amazon requires FCC compliance proof for RF devices. China JJR Labs offers FCC Part 15 testing for ...
Which Bluetooth products support profiles? Which Bluetooth products support profiles?
12 .23.2024
Bluetooth products support various profiles like A2DP, AVRCP, HFP, and more. JJR Lab provides testin...
What is the ANSI C136.31-2023 Testing Standard? What is the ANSI C136.31-2023 Testing Standard?
12 .23.2024
The ANSI C136.31-2023 standard outlines vibration resistance tests for roadway and area lighting fix...
RED-DA Regulations and Standards EN 18031 RED-DA Regulations and Standards EN 18031
12 .23.2024
RED-DA regulations ensure IoT device cybersecurity, covering data protection, fraud prevention, and ...
PDU Safety Testing and Certification Laboratory PDU Safety Testing and Certification Laboratory
12 .23.2024
JJR Laboratory provides PDU testing and certification services, offering accredited solutions for po...
Automotive LiDAR AECQ Certification Automotive LiDAR AECQ Certification
12 .21.2024
Automotive LiDAR AECQ certification ensures reliability for autonomous driving by requiring componen...
Bluetooth Speaker Export Certification Services Bluetooth Speaker Export Certification Services
12 .21.2024
JJR Lab offers Bluetooth speaker export testing services, ensuring compliance with global certificat...

Leave Your Message