# ETSI Cyber Security for Consumer Internet of Things

| [**ETSI Cyber Security for Consumer Internet of Things**](https://www.etsi.org/deliver/etsi_ts/103600_103699/103645/01.01.01_60/ts_103645v010101p.pdf) | **Description** | [**OWASP IoT Top 10 Mapping**](https://www.owasp.org/images/1/1c/OWASP-IoT-Top-10-2018-final.pdf) |
| ------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **4.1**                                                                                                                                                 | No universal default passwords                         | **I1 Weak, Guessable, or Hardcoded Passwords**                                                                                                                                                                                                                                                                                                                 |
| **4.2**                                                                                                                                                 | Implement a means to manage reports of vulnerabilities | **N/A**                                                                                                                                                                                                                                                                                                                                                        |
| **4.3** | Keep software updated | **I4 Lack of Secure Update Mechanism**<br>**I5 Use of Insecure or Outdated Components** |
| **4.4** | Securely store credentials and security-sensitive data | **I1 Weak, Guessable, or Hardcoded Passwords**<br>**I7 Insecure Data Transfer and Storage** |
| **4.5**                                                                                                                                                 | Communicate securely                                   | **I7 Insecure Data Transfer and Storage**                                                                                                                                                                                                                                                                                                                      |
| **4.6** | Minimize exposed attack surfaces | **I1 Weak, Guessable, or Hardcoded Passwords**<br>**I2 Insecure Network Services**<br>**I3 Insecure Ecosystem Interfaces**<br>**I5 Use of Insecure or Outdated Components**<br>**I9 Insecure Default Settings**<br>**I10 Lack of Physical Hardening** |
| **4.7**                                                                                                                                                 | Ensure software integrity                              | **I4 Lack of Secure Update Mechanism**                                                                                                                                                                                                                                                                                                                         |
| **4.8**                                                                                                                                                 | Ensure that personal data is protected                 | **I6 Insufficient Privacy Protection**                                                                                                                                                                                                                                                                                                                         |
| **4.9**                                                                                                                                                 | Make systems resilient to outages                      | **N/A**                                                                                                                                                                                                                                                                                                                                                        |
| **4.10**                                                                                                                                                | Examine system telemetry data                          | **I8 Lack of Device Management**                                                                                                                                                                                                                                                                                                                               |
| **4.11**                                                                                                                                                | Make it easy for consumers to delete personal data     | **I6 Insufficient Privacy Protection**                                                                                                                                                                                                                                                                                                                         |
| **4.12**                                                                                                                                                | Make installation and maintenance of devices easy      | **I9 Insecure Default Settings**                                                                                                                                                                                                                                                                                                                               |
| **4.13**                                                                                                                                                | Validate input data                                    | **I3 Insecure Ecosystem Interfaces**                                                                                                                                                                                                                                                                                                                           |
