标准简介
ETSI EN 303 645 是由 欧洲电信标准协会 (ETSI) 发布的有效标准,常用于科技、电子产品、电信通讯等行业,并适用于欧盟、欧洲经济区、全球等市场。
本页汇总了 ETSI EN 303 645 的官方文档、当前状态以及常见相关认证或评估机构,便于快速理解要求与落地路径。
Baseline IoT Security
Defines a baseline set of cybersecurity provisions for consumer Internet of Things devices, including smart home and connected appliances.
No Default Passwords
Prohibits universal default passwords — a flagship requirement to stop large-scale exploitation of consumer devices.
Secure Updates
Requires a means to manage reports of vulnerabilities and to keep software securely updated for a defined support period.
list_alt Baseline Provisions
- No universal default passwords
- Implement a vulnerability disclosure policy
- Keep software updated
- Securely store sensitive security parameters
- Communicate securely (encryption in transit)
- Minimise exposed attack surfaces
- Ensure software integrity and protect personal data
谁需要合规?
Manufacturers of consumer IoT devices — smart air conditioners, home appliances, wearables, and connected sensors — seeking to demonstrate baseline cybersecurity, increasingly expected under EU RED and CRA rules.
关键要求
Eliminate Default Passwords
Ensure each device has unique credentials or a secure user-defined setup; no universal default passwords.
Vulnerability Disclosure
Publish a clear point of contact and policy for reporting vulnerabilities and act on reports in a timely manner.
Secure Update Mechanism
Provide secure, authenticated software updates and state the minimum support period during which updates are provided.
Protect Data & Communications
Encrypt sensitive data in transit, securely store security parameters, and minimise the device's exposed attack surface.
处罚与执行
ETSI EN 303 645 is a voluntary standard, but its provisions underpin mandatory regimes (RED cybersecurity delegated act, Cyber Resilience Act). Non-compliance with those regimes can lead to market withdrawal and fines.