Draft
International Standard
ISO/IEC DIS 27404
Cybersecurity — IoT security and privacy — Cybersecurity labelling framework for consumer IoT
Reference number
ISO/IEC DIS 27404
Edition 1
80138
This draft International Standard is under review by ISO members.

CHF 63

Abstract

This document defines a Universal Cybersecurity Labelling Framework for the development and implementation of cybersecurity labelling programmes for consumer IoT products and includes guidance on the following topics:

  • Risks and threats associated with consumer IoT products;
  • Stakeholders, roles and responsibilities;
  • Relevant standards and guidance documents;
  • Conformity assessment options;
  • Labelling issuance and maintenance requirements; and
  • Mutual recognition considerations.

The scope of this document is limited to consumer IoT products, such as IoT gateways, base stations and hubs to which multiple devices connect; smart cameras, televisions, and speakers; wearable health trackers; connected smoke detectors, door locks and window sensors; connected home automation and alarm systems, especially their gateways and hubs; connected appliances, such as washing machines and fridges; smart home assistants; and connected children's toys and baby monitors.

The Universal Cybersecurity Labelling Framework addresses the expected and intended use of IoT devices and systems by consumers, that is, the general public and non-technical users. These devices and systems are used with the understanding that the label and criteria are designed for consumer use and consumer security concerns. Safety is not addressed in this Universal Cybersecurity Labelling Framework even though it is an important aspect to consider.

Consumer IoT devices used in an enterprise context may not be classified as consumer IoT devices due to potentially more serious implications if compromised, which then entails more stringent cybersecurity provisions. Furthermore, in threat models of consumer IoT, there is no IT/system administrator as a pre-condition. Products that are not intended for consumer use are excluded from this standard. Examples of excluded devices are those that are primarily intended for manufacturing, healthcare and other industrial purposes.

The Universal Cybersecurity Labelling Framework is based on requirements from international standards, with objectives to facilitate mutual recognition of labelling schemes for consumer IoT (regardless if they are binary or multi-level), avoid fragmentation of standards, eradicate duplicated testing (across countries), reduce the cost of compliance and facilitate market access for developers. This document is applicable to consumers, developers, issuing bodies of cybersecurity labels and independent test laboratories.

General information

  • Under development

    You can help develop this draft international standard by contacting your national member

    Start of voting on the draft international standard: 3 months [40.20]
  • Edition: 1
  • ISO/IEC JTC 1/SC 27
    35.030  35.240.95 
