In support of ioXt Alliance
IoT enhances the usability and capability of many (and eventually all) devices, but it also opens the door to greater risks. Security is of great importance to protecting privacy and integrity but the legal system is largely playing a catch-up role so far. Here are a collection of security related laws, which we make sure we comply with:
1798.91.04. (a) A manufacturer of a connected device shall equip the device with a reasonable security feature or features that are all of the following:
(1) Appropriate to the nature and function of the device.
(2) Appropriate to the information it may collect, contain, or transmit.
(3) Designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.
(b) Subject to all of the requirements of subdivision (a), if a connected device is equipped with a means for authentication outside a local area network, it shall be deemed a reasonable security feature under subdivision (a) if either of the following requirements are met:
(1) The preprogrammed password is unique to each device manufactured.
(2) The device contains a security feature that requires a user to generate a new means of authentication before access is granted to the device for the first time.
US H.R.1668 - IoT Cybersecurity Improvement Act of 2020:
We also see potential for something more like an industry standard and that is in line with the goals of the ioXt Alliance. We have joined the alliance already and will certify the PLT through this program. We would also encourage other device makers to do the same because each member and certified product enhances the strength of the organization and the security evangelism they do.
Please sign in to leave a comment.