ISO/IEC 27404 — Cybersecurity — IoT security and privacy — Cybersecurity labelling framework for consumer IoT [DRAFT]

 

Abstract

“This document defines a Universal Cybersecurity Labelling Framework for the development and implementation of cybersecurity labelling programmes for consumer IoT products.”
[Source: ISO/IEC JTC 1/SC 27 SD11 July 2024]
 

Introduction

Although cybersecurity is seldom promoted as a feature of consumer-oriented IoT devices (things), it can be important. Inconsistent and unclear cybersecurity labelling does not help consumers appreciate their security and privacy objectives, nor evaluate and select things accordingly. Standardising the cybersecurity labelling of things is intended to improve consistency across the global market, increase consumer awareness and promote better cybersecurity designs.

 

Scope of the standard

The standard concerns consumer-grade (retail) things - as opposed to business, industrial, engineering, medical, scientific or mil-spec things (since their cybersecurity requirements and features/capabilities are more likely to be specified in detail).

It covers cybersecurity and privacy but excludes safety aspects.

 

Content of the standard

The main sections are:

  1. Overview
  2. International alignment
  3. Components and considerations for labelling framework
  4. Label issue and maintenance

    Annex A - types and features of labels

    Annex B - examples of multi-level labelling schemes

    Annex C - examples of binary labelling schemes

    Annex D - determination of equivalency between labelling schemes

    Annex E - cybersecurity baseline examples

    Annex F - secure-by-design examples

    Annex G - privacy assessment examples


Status

Drafting started in 2022.

Oct status update: The standard is at Draft International Standard stage and is due to be published in 2026.

 

Personal comments

Singapore standard TR 91:2021 Cybersecurity labelling for consumer IoT formed the original basis for this standard, with editorial changes to suit the more formal ISO/IEC style.

 

 

Copyright © 2024 IsecT Ltd.