# ETSI Cyber Security for Consumer Internet of Things

| [**ETSI Cyber Security for Consumer Internet of Things**](https://www.etsi.org/deliver/etsi_ts/103600_103699/103645/01.01.01_60/ts_103645v010101p.pdf) | **Description**                                        | [**OWASP IoT Top 10 Mapping**](https://www.owasp.org/images/1/1c/OWASP-IoT-Top-10-2018-final.pdf) |
| ------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **4.1**                                                                                                                                                 | No universal default passwords                         | **I1 Weak, Guessable, or Hardcoded Passwords**                                                                                                                                                                                                                                                                                                                 |
| **4.2**                                                                                                                                                 | Implement a means to manage reports of vulnerabilities | **N/A**                                                                                                                                                                                                                                                                                                                                                        |
| **4.3**                                                                                                                                                 | Keep software updated                                  | **I4 Lack of Secure Update Mechanism**<br>**I5 Use of Insecure or Outdated Components** |
| **4.4**                                                                                                                                                 | Securely store credentials and security-sensitive data | **I1 Weak, Guessable, or Hardcoded Passwords**<br>**I7 Insecure Data Transfer and Storage** |
| **4.5**                                                                                                                                                 | Communicate securely                                   | **I7 Insecure Data Transfer and Storage**                                                                                                                                                                                                                                                                                                                      |
| **4.6**                                                                                                                                                 | Minimize exposed attack surfaces                       | **I1 Weak, Guessable, or Hardcoded Passwords**<br>**I2 Insecure Network Services**<br>**I3 Insecure Ecosystem Interfaces**<br>**I5 Use of Insecure or Outdated Components**<br>**I9 Insecure Default Settings**<br>**I10 Lack of Physical Hardening** |
| **4.7**                                                                                                                                                 | Ensure software integrity                              | **I4 Lack of Secure Update Mechanism**                                                                                                                                                                                                                                                                                                                         |
| **4.8**                                                                                                                                                 | Ensure that personal data is protected                 | **I6 Insufficient Privacy Protection**                                                                                                                                                                                                                                                                                                                         |
| **4.9**                                                                                                                                                 | Make systems resilient to outages                      | **N/A**                                                                                                                                                                                                                                                                                                                                                        |
| **4.10**                                                                                                                                                | Examine system telemetry data                          | **I8 Lack of Device Management**                                                                                                                                                                                                                                                                                                                               |
| **4.11**                                                                                                                                                | Make it easy for consumers to delete personal data     | **I6 Insufficient Privacy Protection**                                                                                                                                                                                                                                                                                                                         |
| **4.12**                                                                                                                                                | Make installation and maintenance of devices easy      | **I9 Insecure Default Settings**                                                                                                                                                                                                                                                                                                                               |
| **4.13**                                                                                                                                                | Validate input data                                    | **I3 Insecure Ecosystem Interfaces**                                                                                                                                                                                                                                                                                                                           |

