The IoT Security Foundation and the IASME Consortium have formed a partnership intended to address the entry level cyber-security requirements on consumer IoT products in the UK market.
In a statement issued by the pair they describe the initiative as, "...a baseline which is both low cost and simple to implement for manufacturers."
A recent report from the Internet Society identified many consumer concerns but also a ‘trust opportunity’ for manufacturers to differentiate themselves by offering proof of trustworthy behaviour and demonstrating steps have been taken to design security into their processes and products. The IASME Consortium’s IoT Cybersecurity Basic conformance scheme is intended to provide that proof.
Working with experts from the IoT Security Foundation, IASME has defined a set of 30 checks which can be verified by a national network of certifying bodies. Once the applicant satisfies those checks, a certificate is issued and the company can use the Basic tick mark on marketing materials.
John Moor, managing director of the IoT Security Foundation said "IoT security is a wicked challenge for manufacturers as there are many factors to consider beyond purely technical controls. This can be off-putting yet experts in the field know that many of the risks can be avoided with a small number of well thought out measures. This scheme is aimed to be simple, low cost and address the majority of common vulnerabilities we still see today."
Dr Emma Philpott MBE of the IASME Consortium said, "Through our work with Cyber Essentials, we have seen the power of doing the basics right. We wanted to do the same for IoT and create a scheme which provides assurances for consumers and be attractive for business. We have worked with the IoT Security Foundation to create a scheme which does that, taking into account the immediate needs and anticipate regulatory changes that are likely to transpire in due course."
Manufacturers, and retailers can find out more about the scheme here.
A scheme assessment report is published on the IoTSF website here.