ETSI Cyber Security for Consumer Internet of Things

​ETSI Cyber Security for Consumer Internet of Things ​
Description
​OWASP IoT Top 10 Mapping​
4.1
No universal default passwords
I1 Weak, Guessable, or Hardcoded Passwords
4.2
Implement a means to manage reports of vulnerabilities
N/A
4.3
Keep software updated
I4 Lack of Secure Update Mechanism

I5 Use of Insecure or Outdated Components
4.4
Securely store credentials and security-sensitive data
I1 Weak, Guessable, or Hardcoded Passwords

I7 Insecure Data Transfer and Storage
4.5
Communicate securely
I7 Insecure Data Transfer and Storage
4.6
Minimize exposed attack surfaces
I1 Weak, Guessable, or Hardcoded Passwords

I2 Insecure Network Services

I3 Insecure Ecosystem Interfaces

I5 Use of Insecure or Outdated Components

I9 Insecure Default Settings

I10 Lack of Physical Hardening
4.7
Ensure software integrity
I4 Lack of Secure Update Mechanism
4.8
Ensure that personal data is protected
I6 Insufficient Privacy Protection
4.9
Make systems resilient to outages
N/A
4.10
Examine system telemetry data
I8 Lack of Device Management
4.11
Make it easy for consumers to delete personal data
I6 Insufficient Privacy Protection
4.12
Make installation and maintenance of devices easy
I9 Insecure Default Settings
4.13
Validate input data
I3 Insecure Ecosystem Interfaces

CSA IoT Controls Framework

Acknowledgments

Last modified 4yr ago

ETSI Cyber Security for Consumer Internet of Things	Description	OWASP IoT Top 10 Mapping
4.1	No universal default passwords	I1 Weak, Guessable, or Hardcoded Passwords
4.2	Implement a means to manage reports of vulnerabilities	N/A
4.3	Keep software updated	I4 Lack of Secure Update Mechanism I5 Use of Insecure or Outdated Components
4.4	Securely store credentials and security-sensitive data	I1 Weak, Guessable, or Hardcoded Passwords I7 Insecure Data Transfer and Storage
4.5	Communicate securely	I7 Insecure Data Transfer and Storage
4.6	Minimize exposed attack surfaces	I1 Weak, Guessable, or Hardcoded Passwords I2 Insecure Network Services I3 Insecure Ecosystem Interfaces I5 Use of Insecure or Outdated Components I9 Insecure Default Settings I10 Lack of Physical Hardening
4.7	Ensure software integrity	I4 Lack of Secure Update Mechanism
4.8	Ensure that personal data is protected	I6 Insufficient Privacy Protection
4.9	Make systems resilient to outages	N/A
4.10	Examine system telemetry data	I8 Lack of Device Management
4.11	Make it easy for consumers to delete personal data	I6 Insufficient Privacy Protection
4.12	Make installation and maintenance of devices easy	I9 Insecure Default Settings
4.13	Validate input data	I3 Insecure Ecosystem Interfaces