EU - Cyber Security Requirement for Radio Equipment Directive (RED)
The Road to Successful Cyber Security Certification: We recognize that product certifications are business enablers for our customers. As a result, we aim not only to certify your products, but to do so in an efficient, time- and cost-effective manner. Intertek has the right philosophical approach as well as the right expertise to position vendors to best meet challenging government security certifications.
Our client-focused team will engage you to gain an understanding of your worldview so that we can adapt to your needs. We have used our unique experience to create a certification process that adapts to your development processes and timelines while ensuring a successful outcome. We work with your team to bake security requirements into the development process instead of bolting them on.
Learn more about our Cyber Assured Program here.
Concern for the cybersecurity of Internet-connected radio equipment has led to an update of the scope of the Radio Equipment Directive (RED), including Article 3.3, which addresses security of radio interfaces. The Delegated Regulation EU 2022/30 defines cybersecurity requirements for internet-connected products covered by RED.
U.S. - California IoT Cybersecurity Bill (SB 327)
U.S. - Oregon IoT Cybersecurity Bill (HB 2395)
Manufacturers of connected/IoT devices shall, when selling or offering a device for sale in California and Oregon, equip it with a reasonable security feature or features that are all of the following:
- Appropriate to the nature and function of device.
- Appropriate to the information it may collect, contain, or transmit.
- Designed to protect device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.
If a device is equipped with a means for authentication outside a LAN, either of the following is deemed a reasonable security feature:
- A unique pre-programmed password for each device.
- A security feature that requires the user to generate a new means of authentication before access is granted.
Examples of Connected Devices:
- Hubs and gateways
- Toys with microphone/camera
- Toys without microphone/camera
- Lighting & switches
- Sensors (e.g. motion, temperature, light, door/window)
- Life security systems (e.g. smoke detector, lock, access control)
SB 327 and HB 2395 Evaluation Service
Intertek has developed a derived test protocol to evaluate whether connected devices could meet the SB 327 / HB 2395 requirements, which helps manufacturers make their compliance claims. Contact us to learn more.
UK - The Cybersecurity Requirements for Connectable Products in the Drafted UK PSTI Regulations
The UK government has published a full draft of the Product Security and Telecommunications Infrastructure (PSTI) (Security Requirements for Relevant Connectable Products) Regulations.
The drafted UK PSTI Regulations include three minimum security requirements, which have been partially referenced from EN 303 645:
| # | Requirements | Highlights |
|---|---|---|
| 1 | Passwords | Unique per product or defined by the user of the product. |
| 2 | Information on how to report security issues | Information to be published: |
| 3 | Information on minimum security update periods | Information on the defined support period must be published. |
At Intertek, we understand the importance of proactive cybersecurity measures. Our service aims to support businesses in evaluating the necessary requirements outlined in the drafted UK PSTI Regulations, thereby enhancing the security of their connectable products to comply with the stipulated requirements in the regulations.