The Connectivity Standards Alliance Product Security Working Group Launches the IoT Device Security Specification 1.0

“The unveiling of the IoT Device Security Specification 1.0, alongside its certification program and the Product Security Verified Mark, signals an important milestone in bolstering IoT security and building confidence with consumers,” said Tobin Richardson, Alliance President & CEO of the Connectivity Standards Alliance. “By bringing together diverse international regulations into a cohesive specification, the Product Security Certification Program streamlines the process, reduces redundancy, and provides manufacturers with a singular, respected avenue for certifying their devices globally.”

With the increasing adoption of consumer IoT devices, there is a heightened emphasis on security due to a rise in incidents involving breaches and malicious device hijackings. The Product Security Working Group aims to meet this challenge by consolidating requirements from the three most popular IoT Cybersecurity baselines from the United States, Singapore, and Europe into a single specification and certification program. This unifying effort helps manufacturers more easily and efficiently address these regulatory regimes’ requirements aiming to instill confidence in consumers and regulators.

“As consumers embrace the convenience and value of IoT devices, the Alliance is dedicated to helping to create more comprehensive protection for consumers. This initiative aims to establish a robust baseline for all consumer IoT devices,” said Steve Hanna of Infineon Technologies AG and Chair of the Product Security Working Group Steering Committee. “The Alliance’s Product Security Verified Mark and IoT Device Security Specification 1.0 will make it easier for manufacturers to address consumer IoT security requirements around the world.”

IoT Device Security Specification 1.0 RequirementsThe Product Security’s IoT Device Security Specification includes dozens of specific device security provisions. IoT Device Manufacturers must demonstrate compliance with those provisions, supplying justifications and evidence to an Authorized Test Laboratory with expertise in security evaluation and experience certifying products relative to this specification.

Highlights of the specific requirements include:

Unique identity for each IoT Device
No hardcoded default passwords
Secure storage of sensitive data on the Device
Secure communications of security-relevant information
Secure software updates throughout the support period
Secure development process, including vulnerability management
Public documentation regarding security, including the support period

Nearly 200 member companies — including  Amazon, Arm, Comcast, Google, Infineon Technologies AG, NXP Semiconductors, Schneider Electric, Signify (Philips Hue and WiZ), and Silicon Labs —  have collaborated, pooling related technologies, expertise, and innovations enabling the IoT Device Security Specification 1.0, the accompanying certification program, and Product Security Verified Mark to meet the diverse needs of stakeholders, including consumers, device manufacturers, and regulators. Together, these companies spearheaded the process by driving requirements and specification development and ultimately helping validate the final specification.

The Product Security Certification Program and Verified MarkEncompassing a broad spectrum of smart home devices such as light bulbs, switches, thermostats, doorbell cameras, and more, the Product Security Certification Program establishes minimum requirements for IoT devices. By consolidating several international regulations into a single set of requirements, the Certification Program streamlines the process, helping manufacturers meet certification criteria from multiple countries or regions with a single evaluation.

The Product Security Verified Mark is confirmation a product meets the specification’s security requirements, with the goal of inspiring consumer confidence. When displayed prominently on certified product packaging, store signage, and online platforms, this Verified Mark builds trust by serving as a marker for secure IoT devices. A printed URL, hyperlink, QR code, or a combination of these representations on the Product Security Verified Mark gives consumers access to more information about the device’s security features.

Looking AheadAs technology advances and new threats emerge, the Product Security Working Group remains committed to continuously enhancing the IoT Security Device Specification and the accompanying certification program. To learn more about how to be a part of the next generation of the IoT, visit here and become a Member of the Connectivity Standards Alliance.

About the Connectivity Standards AllianceThe Connectivity Standards Alliance is the foundation and future of the Internet of Things (IoT). Established in 2002, its wide-ranging global membership collaborates to create and evolve universal open standards for the products transforming the way we live, work, and play. With its Members’ deep and diverse expertise, robust certification programs, and a full suite of open IoT solutions the Alliance is leading the movement toward a more intuitive, imaginative, and useful world.

The Connectivity Standards Alliance Board of Directors is comprised of executives from Allegion, Amazon, Apple, ASSA ABLOY, Comcast, Espressif, Eve by ABB, Fortune Brands, Google, Haier, Huawei, IKEA, Infineon Technologies AG, The Kroger Co., LEEDARSON, Legrand, LG Electronics, Lutron Electronics, Midea, Nordic Semiconductor, NXP Semiconductors, OPPO, Resideo Technologies, Samsung Electronics, Schneider Electric, Siemens, Signify (Philips Hue and WiZ), Silicon Labs, Somfy, STMicroelectronics, Tuya, Verizon, and Wulian.

Learn more about the Alliance at www.csa-iot.org; and follow us on: X Facebook LinkedIn.

SOURCE Connectivity Standards Alliance

Go to Source