verified_user
Standardful
首页chevron_right标准chevron_rightETSI EN 303 645
有效国际标准update 标准更新:2020年fact_check 事实核查:2026年6月28日

ETSI EN 303 645

消费类物联网网络安全——基线要求

apartment发布组织:欧洲电信标准协会 (ETSI)

标准简介

ETSI EN 303 645 是由 欧洲电信标准协会 (ETSI) 发布的有效标准,常用于科技、电子产品、电信通讯等行业,并适用于欧盟、欧洲经济区、全球等市场。

本页汇总了 ETSI EN 303 645 的官方文档、当前状态以及常见相关认证或评估机构,便于快速理解要求与落地路径。

security

Baseline IoT Security

Defines a baseline set of cybersecurity provisions for consumer Internet of Things devices, including smart home and connected appliances.

password

No Default Passwords

Prohibits universal default passwords — a flagship requirement to stop large-scale exploitation of consumer devices.

update

Secure Updates

Requires a means to manage reports of vulnerabilities and to keep software securely updated for a defined support period.

list_alt Baseline Provisions

  • No universal default passwords
  • Implement a vulnerability disclosure policy
  • Keep software updated
  • Securely store sensitive security parameters
  • Communicate securely (encryption in transit)
  • Minimise exposed attack surfaces
  • Ensure software integrity and protect personal data

谁需要合规?

groups

Manufacturers of consumer IoT devices — smart air conditioners, home appliances, wearables, and connected sensors — seeking to demonstrate baseline cybersecurity, increasingly expected under EU RED and CRA rules.

关键要求

1

Eliminate Default Passwords

Ensure each device has unique credentials or a secure user-defined setup; no universal default passwords.

2

Vulnerability Disclosure

Publish a clear point of contact and policy for reporting vulnerabilities and act on reports in a timely manner.

3

Secure Update Mechanism

Provide secure, authenticated software updates and state the minimum support period during which updates are provided.

4

Protect Data & Communications

Encrypt sensitive data in transit, securely store security parameters, and minimise the device's exposed attack surface.

处罚与执行

warning

ETSI EN 303 645 is a voluntary standard, but its provisions underpin mandatory regimes (RED cybersecurity delegated act, Cyber Resilience Act). Non-compliance with those regimes can lead to market withdrawal and fines.

官方文档

查看全部

实施时间线

history
2019年
Published as ETSI TS 103 645
check_circle
2020年6月
Adopted as ETSI EN 303 645 V2.1.1
security
2024+
Referenced for the EU Cyber Resilience Act and Radio Equipment Directive cybersecurity requirements

相关分类