ETSI Technical Committee TC CYBER has released ETSI TS 103 645, the first globally applicable standard establishing a security baseline for internet-connected consumer IoT products. The specification mandates the removal of universal default passwords and requires a vulnerability disclosure policy to address widespread security shortcomings in devices ranging from smart toys to home automation systems. By focusing on technical and organizational controls, the standard aims to protect consumer privacy and help manufacturers achieve compliance with the General Data Protection Regulation. This outcome-focused framework provides flexibility for organizations to implement appropriate security solutions while fostering trust in the growing IoT ecosystem.
Keywords: IoT security, default passwords, vulnerability disclosure, GDPR compliance, consumer protection