DS/ETSI EN 303 645 V3.1.3:2024

CYBER; Cyber Security for Consumer Internet of Things: Baseline Requirements

The present document specifies high-level security and data protection provisions for consumer IoT devices that are*connected to network infrastructure (such as the Internet or home network) and their interactions with associated*services. A non-exhaustive list of examples of consumer IoT devices includes:*• connected children's toys and baby monitors;*• connected smoke detectors, door locks and window sensors;*• IoT gateways, base stations and hubs to which multiple devices connect;*• smart cameras, smart speakers and smart TVs together with their remote controls;*• wearable health trackers;*• connected home automation and alarm systems, especially their gateways and hubs;*• connected appliances, such as washing machines and fridges; and*• smart home assistants.*Moreover, the present document addresses security considerations specific to constraints in device resources.*EXAMPLE: Typical device resources that might constrain the security capabilities are energy supply,*communication bandwidth, processing power or (non-)volatile memory capacity.*The present document provides basic guidance through examples and explanatory text for organizations involved in the*development and manufacturing of consumer IoT on how to implement those provisions. Table B.1 provides a schema*for the reader to give information about the implementation of the provisions.*Devices that are not consumer IoT devices, for example those that are primarily intended to be used in manufacturing,*healthcare or other industrial applications, are not in scope of the present document.*The present document has been developed primarily to help protect consumers, however, other users of consumer IoT*equally benefit from the implementation of the provisions set out here.*Annex A (informative) of the present document has been included to provide context to clauses 4, 5 and 6 (normative).*Annex A contains examples of device and reference architectures and an example model of device states including data*storage for each state.