European standards body Etsi has released the test specification for the EN 303 645 consumer IoT security standard. This test specification, TS 103 701, describes how a conformity assessment is performed in a structured and comprehensive way.

This will allow supplier organisations such as manufacturers, vendors or distributers to assess the compliance of their devices against EN 303 645 in self-assessments or via testing labs. User organisations can also apply the test specification for in-house testing.

EN 303 645, released in June 2020, involved all stakeholders of the IoT cyber-security landscape and was developed with industry, academics, testing institutes and international government bodies. As more consumer devices connect to the internet, the cyber security of the IoT has become a growing concern. The EN is designed to prevent large-scale, prevalent attacks against smart devices that cyber-security experts see every day.

IoT products in scope include connected children’s toys and baby monitors, connected safety-relevant products such as smoke detectors and door locks, smart cameras, TVs and speakers, wearable health trackers, connected home automation and alarm systems, connected appliances such as washing machines and fridges, and smart home assistants.

Compliance with the standard restricts the ability of attackers to control devices across the globe – known as botnets – to launch DDoS attacks, mine cryptocurrency and spy on users in their own homes.

This standard has become a reference for securing IoT devices all over the world and is already used by several cyber-security regulations. Today, fitness watches, home automation devices, smart hubs, robot vacuum cleaners, dishwashers and more devices are already compliant with the Etsi standard.

As multiple public and private sector organisations are developing certification and labelling schemes for consumer IoT security, a test specification was required to accelerate market adoption. Such schemes can qualify products for security labels to be visually attached. This enables consumers to select more secure products over less secure ones.

The test specification TS 103 701 should help harmonise evaluation methods and support manufacturers, suppliers and implementers for their internal security processes.

Etsi provides members with an open and inclusive environment to support the development, ratification and testing of globally applicable standards for ICT systems and services across all sectors of industry and society. It is a non-profit body, with more than 950 member organisations worldwide, drawn from 64 countries and five continents. The members comprise a pool of large and small private companies, research entities, academia, government, and public organisations. Etsi is officially recognised by the EU as a European standards organisation (ESO).