To increase consumer protection through better security of IoT devices, the German Federal Office for Information Security (BSI) is introducing an IT security label that lets consumers check for themselves the security features of digitally connected devices and services.
When buying a labelled device, one can check its cyber security status by entering the link written on the label or by scanning the QR code with a smartphone. This leads to a BSI website with product-specific security information.
To get the IT Security Label, the vendor needs to fill out an application and declare that the product or service meets the requirements of the corresponding BSI product category.
After a positive check of the documents by BSI, the label will be assigned for a specified validity period, and a product information web page will be generated corresponding to the link of the assigned label.
Introduction of the label is planned for the end of this year, 2021. It will not be mandatory, but cybersecurity is in any case mandatory in Europe per the General Data Protection Regulation (GDPR).
According to BSI, the purpose of the label is to:
The label does not, however, guarantee that the product is absolutely secure or that the vendor will continue to fulfill all the standards after the label's validity period.
Also, it is designed as a self-declaration scheme that does not require any third-party involvement, at least not in the introductory phase.
Nemko does offer third-party testing and certification according to the IoT cyber security standard ETSI/EN 303 645, which also covers a range of regional requirements.
More information may be seen at this site. For assistance with testing and certification of IoT devices for cyber security, please contact Geir.Horthe@nemko.com
* This article is edited by Trond Sollie
All rights reserved Nemko © 2020