EMC China Lab

Cybersecurity, UK PSTI, and ETSI EN 303 645

Views :
Update time : 2024-07-17

Overview of the PSTI Act

The UK's Product Security and Telecommunications Infrastructure (PSTI) Act is legislation aimed at enhancing the security of telecommunications infrastructure and products. This act specifically focuses on the security of Internet of Things (IoT) devices, mandating that all IoT products sold in the UK market meet specific security requirements. The goal of the PSTI Act is to reduce cybersecurity risks and protect consumers and businesses from potential security threats.

 

Cybersecurity, UK PSTI, and ETSI EN 303 645(图1)


Introduction to the ETSI EN 303 645 Standard

ETSI EN 303 645 is a set of IoT security standards developed by the European Telecommunications Standards Institute (ETSI). This standard aims to provide a series of security guidelines for the design, development, and production of IoT devices. It includes a range of fundamental requirements, such as secure booting without passwords, minimizing the attack surface, and ensuring the security of device software updates, to ensure IoT devices can withstand cyberattacks and data breaches. ETSI EN 303 645 is a globally recognized cybersecurity baseline standard adopted or intended to be adopted by many countries worldwide. It has been officially integrated into the IECEE Scheme, making it a universally accepted standard beyond Europe. Soon, we will see CB reports adopting the ETSI EN 303 645 standard.

 

Relationship Between PSTI and ETSI EN 303 645

The relationship between the PSTI Act and the ETSI EN 303 645 standard lies in the fact that the PSTI Act provides the legal framework and specific requirements for IoT device security, while ETSI EN 303 645 offers the technical guidance to achieve this framework. In other words, the PSTI Act defines the "what" of IoT device security, and the ETSI EN 303 645 standard explains the "how" to meet these security requirements.

 

So, what are the requirements of ETSI EN 303 645 that must be met to comply with the PSTI?

 

There are three main points:

1. Prohibition of Universal Passwords: Avoid using universal passwords and adopt secure encryption methods. The focus is on secure authentication, requiring customers to properly apply security protection protocols for various ports and comply with internationally accepted encryption principles.

 

2. Implementation of Vulnerability Disclosure Management: Companies must establish a vulnerability disclosure policy that allows researchers and users to report potential security issues. This means that companies need to set up a public vulnerability reporting mechanism and commit to timely response and remediation of reported vulnerabilities.

 

3. Transparency of Product Security Update Services: Companies should implement a secure software update mechanism, including the use of signature verification for update integrity and source. Additionally, they should notify users of available updates and possibly offer automatic update options.

 

Conclusion

As IoT devices play an increasingly important role in our daily lives, ensuring their cybersecurity becomes crucial. The UK's PSTI mandatory certification act is a pioneer in the cybersecurity certification market, and more countries and regions are expected to standardize their cybersecurity certification requirements in the future.

 

China JJR Laboratory offers PSTI and ETSI EN 303 645 services.


Email:hello@jjrlab.com


Leave Your Message


Write your message here and send it to us


Related News
Read More >>
General Product Safety Regulation GPSR General Product Safety Regulation GPSR
07 .31.2025
EU’s GPSR mandates product safety for all consumer goods by Dec 2024. Ensure compliance with testing...
Australia Electronic Product Certification Australia Electronic Product Certification
07 .31.2025
Australia electronic product certification requires SAA, C-Tick, or RCM compliance. JJR Lab provides...
Electrical Product Certification in Australia Electrical Product Certification in Australia
07 .31.2025
Electrical certification in Australia ensures safety to AS/NZS 60335, 60598, 60950. JJR Testing Labo...
Restriction of Hazardous Substances RoHS Directive Restriction of Hazardous Substances RoHS Directive
07 .31.2025
RoHS restricts hazardous substances in electronics per EU law. JJR Lab provides testing to ensure co...
EU Authorized Representative for Medical Devices EU Authorized Representative for Medical Devices
07 .31.2025
JJR LAB offers EU Authorized Rep services to ensure MDR compliance, product registration, and full r...
CE Testing for Wooden Toys CE Testing for Wooden Toys
07 .31.2025
CE testing ensures wooden toys meet EU standards EN71-1/2/3. JJR Lab offers reliable testing and cer...
CE Testing for Soft Toys CE Testing for Soft Toys
07 .31.2025
CE testing for soft toys ensures EU safety compliance. JJR Lab offers full EN71 testing and certific...
CE Testing for Handmade Toys CE Testing for Handmade Toys
07 .31.2025
Handmade toys require CE testing per EN 71 & EN 62115 standards. JJR Laboratory provides expert ...

Leave Your Message