安全檢測
安全檢測>物聯網安全檢測
物聯網安全檢測
對各類物聯網設備進行功能、安全性、兼容性等方面的測試。
一、檢測內容
[1] No universal default passwords(無默認通用密碼)
[2] Implement a means to manage reports of vulnerabilities(實施管理漏洞報告的方法)
[3] Keep software updated(不斷更新軟件)
[4] Securely store sensitive security parameters(安全存儲敏感的安全參數)
[5] Communicate securely(安全通信)
[6] Minimize exposed attack surfaces(盡量減少暴露的攻擊表面)
[7] Ensure software integrity(確保軟件完整性)
[8] Ensure that personal data is secure(確保個人數據安全)
[9] Make systems resilient to outages(使系統可以抵御中斷)
[10] Examine system telemetry data(檢查系統遙測數據)
[11] Make it easy for users to delete user data(方便用戶刪除用戶數據)
[12] Make installation and maintenance of devices easy(輕松安裝和維護設備)
[13] Validate input data(驗證輸入數據)
[14] Data protection provisions for consumer IoT(GDPR)
二、檢測依據
ETSI EN 303 645 V2.1.1 (2020-06) CYBER;Cyber Security for Consumer Internet of Things:Baseline Requirements
ETSI TS 103 701 V1.1.1 (2021-08) CYBER;Cyber Security for Consumer Internet of Things:Conformance Assessment of Baseline Requirements
二、檢測流程
1.業務咨詢
2提交產品文檔
3.產品檢測
4.出具測試報告(CNAS認可或國際知名認證機構頒發的證書)
