Secure Your Consumer IoT Devices: Your One-Stop Solution for ESTI EN 303 645

What is ETSI EN 303 645?

ETSI (European Telecommunications Standards Institute) EN 303 645 is a global cybersecurity standard for consumer Internet of Things (IoT) devices. The standard comprises 33 mandatory provisions and 35 recommendations across 14 areas. It specifies security requirements that manufacturers should integrate into the design and development of IoT products to improve their resistance to cyber threats. It is aimed at preventing widespread attacks on smart devices. This standard emphasizes integrating security into IoT products from the design phase, rather than adding security measures as an afterthought.

Why Is It Important to Businesses?

Many other cybersecurity regulations worldwide such as providing Radio Equipment Directive (RED) Article 3(3). ETSI EN 303 645 is important for businesses for these reasons: it sets a baseline and influences future regulations.

In short, ETSI EN 303 645 helps businesses:

  • Create a Baseline for Secure Development
  • Future-proofing for Regulations as it has become the baseline for the majority of IoT security evaluations globally. Learn more from our brochure.

BV Cybersecurity Solution: Cybersecurity Compliance, Simplified

In today's digital world, cybersecurity is no longer an afterthought - it's the foundation for building secure and successful products. We support you at every stage of product development, empowering your team and fortifying your product design and cyber risk management.

Empower Your Team with Training & Workshop

Our technical workshops and training programs empower your team with the knowledge and skills needed to build secure products. Gain a deep understanding of cybersecurity standards, requirements, best practices and how to implement them effectively.

We Help You Build Walls of Security from The Ground Up

Our strategic guidance verifies your products are secure from the ground up. We collaborate with your team throughout the development process, integrating robust security measures seamlessly into your product design.

Discover and Eliminate Vulnerabilities Before Hackers Do

Our gap analysis and testing services identify areas for improvement and conduct rigorous testing based on ETSI TS 103 701 standards. We help you discover and eliminate vulnerabilities early in the development process.

Independent Assessments for Compliance Assurance

Our accredited laboratory provides independent assessments to verify your device's security maturity and compliance.

Actionable and Customizable Reports

Receive detailed, actionable reports tailored to your product's unique needs. Our customizable reporting helps you enhance security and meet regulatory standards with confidence.

Our Comprehensive Solutions Stand as Your First Line of Defense.

Not all consumer IoT devices are created equal. We understand that the specific security needs of your device will vary depending on several factors, including:

  • Functionality: A smart speaker will have different security requirements compared to a medical monitoring device.
  • Data Sensitivity: Devices that handle sensitive user data (e.g., financial information, health data) require more robust security measures.
  • Intended Use Environment: Devices deployed in industrial settings may face different security threats compared to home-based devices.

That's why we take a customized approach to testing. We work closely with you to understand your device's unique characteristics and identify the most relevant tests from the following categories and beyond:

  • Conceptual Tests

    • Design Review to evaluate your device's design specifications to confirm security is built-in from the beginning.
    • Policy and Documentation Review: We assess your security policies, user manuals, and other documentation to confirm alignment with best practices and relevant standards.

  • Functional Tests (tailored selection based on your device)

    • Interface Testing to examines user interfaces (web interfaces, mobile apps) to verify they handle data securely, resist common attacks, and provide proper logging and alerting functionalities.
    • Authentication and Access Control Tests to verify strong authentication mechanisms.
    • Encryption and Data Protection Tests to confirm that data transmitted by your device is encrypted using robust protocols and that data at rest (stored on the device) is protected with strong encryption algorithms and keys.
    • Vulnerability Scanning and Penetration Testing to identify potential weaknesses in your device's security architecture.
    • Network Security Tests to assess your device's ability to withstand network-based attacks and verify the security of network protocols used by the device.
    • Compliance Tests
    • System Resilience Tests to test how your device recovers from attacks. 
    • Environmental and Physical Security Tests (if applicable) such as physical assessment tests to verify the effectiveness of physical security measures of your IoT product.

Our specialists will recommend the optimal test combination to address your specific needs. Provide a cost-effective testing solution that mitigates your device's security risks.