Effective Date: January 1, 2020
Governing Body: USA, California, Legislature
Full Description: Security of Connected Devices: Title 1.81.26, Part 4 of Division 3 of the Civil Code
Summary: Requires a manufacturer of a connected device, as those terms are defined, to equip the device with a reasonable security feature or features that are appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit, and designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure, as specified.
Publish Date: July 14, 2020
Issuing Body: USA, NIST (National Institute of Standards and Technology)
Full Description: IoT Device Cybersecurity Capability Core Baseline
Summary: This publication defines an Internet of Things (IoT) device cybersecurity capability core baseline, which is a set of device capabilities generally needed to support common cybersecurity controls that protect an organization’s devices as well as device data, systems, and ecosystems. The purpose of this publication is to provide organizations a starting point to use in identifying the device cybersecurity capabilities for new IoT devices they will manufacture, integrate, or acquire.
Publish Date: May 12, 2021
Issuing Body: USA Government, Executive Branch, White House
Full Description: Policy for Improving the Nation’s Cybersecurity
Summary: “It is the policy of my Administration that the prevention, detection, assessment, and remediation of cyber incidents is a top priority and essential to national and economic security. The Federal Government must lead by example. All Federal Information Systems should meet or exceed the standards and requirements for cybersecurity set forth in and issued pursuant to this order.”
Key Sections of Policy:
Publish Date: October 14, 2018
Issuing Body: UK Government
Full Description: Code of Practice for Consumer IoT Security
Summary: This Code of Practice sets out practical steps for IoT manufacturers and other industry stakeholders to improve the security of consumer IoT products and associated services. Implementing its thirteen guidelines will contribute to protecting consumers’ privacy and safety, whilst making it easier for them to use their products securely. It will also mitigate against the threat of Distributed Denial of Service (DDoS) attacks that are launched from poorly secured IoT devices and services.
Key Guidelines of Code: