Cyber Security and the Internet of Things

Fortunately, there are several internationally-accepted standards to help manufacturers secure their devices.

• ETSI/EN 303 645 — This European standard details outcome-focused best practices for the security of Internet-connected consumer devices to provide flexible security measures.
• ANSI/UL 2900 — This series of standards provides verifiable criteria for the testing of network-connected devices that send, store, or transmit data to and from other connected devices.
• IEC 62443 — This series of standards focuses on the cyber security of various aspects of industrial communications networks, including industrial automation and control systems and components, as well as requirements for IACS service providers.
• CTIA Standards — CTIA's Cyber Security Working Group has developed a number of best practices to address cyber risks specific to the range of wireless communications technologies, including LTE, CDMA, UMTS, GSM, converged Wi-Fi and Air-Interface technologies.

How Nemko Can Help

Nemko can test connected systems and devices according to the requirements and best practices detailed in ETSI/EN 303 645, and has specifically developed two testing and approval services for unique cyber security situations.

• Cyber Security Product Attestation— This service provides a trusted, third-party cyber security verification method for manufacturers of custom products and components, as well as those who do not require certification.
  
  
• Cyber Security Product Certification— Beyond testing according to ETSI/EN 303 645, this service includes an initial audit of the quality assurance system, as well as annual surveillance audits to ensure ongoing compliance.
  
  
• In addition to these services, Nemko can also provide testing and certification services according to the Common Criteria scheme.

The Nemko cyber secure mark verifies, in a simple and visible way for the buyers, the compliance of the product to the cyber security IoT standard ETSI/EN 303 645.