Mar 19, 2024 11:53:00

CSA, the organization that develops the smart home standard 'Matter', announces security standards for IoT devices

On March 19, 2024,

the Connectivity Standards Alliance (CSA), which develops the smart home standard `` Matter '', announced the ` `IoT Device Security Specification 1.0' ', a security standard for IoT devices, and the ` `Product Security '' certification program that accompanies it. We announced the introduction of ``Verified Mark ''.

The Connectivity Standards Alliance Product Security Working Group Launches the IoT Device Security Specification 1.0 - CSA-IOT
https://csa-iot.org/newsroom/the-connectivity-standards-alliance-product-security-working-group-launches-the-iot-device-security-specification-1-0/

Watch Out for This Blue Badge on The Next Smart Home Device You Buy | PCMag

https://www.pcmag.com/news/watch-out-for-this-blue-badge-on-the-next-smart-home-device-you-buy

The CSA launches an IoT Device Security Specification and certification program for smart home devices - The Verge
https://www.theverge.com/2024/3/18/24104906/csa-iot-device-security-specification-product-security-verification-mark

In recent years, there have been a number of incidents of damage caused by hacking of IoT devices, such as hacking of smart intercoms and remote activation of smart ovens . However, until now there have been no standards or methods for evaluating the security level of IoT products.

Therefore, CSA has established the basic cybersecurity standard 'IoT Device Security Specification 1.0' and the certification program 'Product Security Verified Mark” was announced.

Device manufacturers that comply with the specifications set by CSA and have gone through the certification process can attach the Product Security Verified Mark (PSV mark) to their products. So if the security camera or smart light bulb you buy carries the PSV mark, you know it meets requirements to protect against malicious hacking attempts and other intrusions that could impact your privacy. is.

Below is an example of the requirements that CSA requires of device manufacturers.

・Is a unique ID set for each IoT device?
・Is the default password hard-coded ?
・Is sensitive data on the device stored securely?
・Can security-related information be communicated safely?
・Are regular software updates performed during the support period?
・Has the product gone through a secure development process that includes vulnerability management?
・Are documents related to security, including support organizations, published?

Products that meet these requirements receive the Verified Mark from CSA, which can be used on product packaging and advertising. 'Research shows that consumers rate security as an important factor when purchasing a device, but it's hard to know which products to buy from a security perspective,' said Eugene Riderman, director of mobile security strategy at Google. 'This suite of programs, including the PSV mark, will provide a simple and easily identifiable indicator that will help consumers search for IoT devices.'

CSA aims to make the PSV mark interoperable with government security label programs and has entered into a mutual recognition agreement with the Singapore government on March 18, 2024. CSA CEO Tobin Richardson said, ``The PSV mark was created based on the requirements of various government agencies and programs.'' Richardson also suggested that products with the PSV mark could appear as early as the end of 2024.

Additionally, Richardson said, ``For companies that value the security of their products, PSV Mark approval is a way to differentiate themselves from their competitors,'' adding, ``Once the program launches, companies can begin the certification process immediately.'' I want it to be done,' he said.