Cybersecurity — IoT security and privacy — Device baseline requirements

This document provides baseline ICT requirements for IoT devices to support security and privacy controls.

Cybersécurité — Sécurité et protection de la vie privée pour l'IdO — Exigences de base relatives aux dispositifs

General Information

Status: Published
Publication Date: 20-Nov-2023
Current Stage: 6060 - International Standard published
Start Date: 21-Nov-2023
Due Date: 15-Jun-2024
Completion Date: 21-Nov-2023

Standard
ISO/IEC 27402:2023 - Cybersecurity — IoT security and privacy — Device baseline requirements. Released: 21. 11. 2023
English language
16 pages
Draft
ISO/IEC FDIS 27402 - Cybersecurity — IoT security and privacy — Device baseline requirements. Released: 25. 07. 2023
English language
16 pages
Draft
REDLINE ISO/IEC FDIS 27402 - Cybersecurity — IoT security and privacy — Device baseline requirements. Released: 25. 07. 2023
English language
16 pages

Standards Content (Sample)

INTERNATIONAL STANDARD ISO/IEC 27402
First edition 2023-11
Cybersecurity — IoT security and privacy — Device baseline requirements
Cybersécurité — Sécurité et protection de la vie privée pour l'IdO — Exigences de base relatives aux dispositifs
Reference number: ISO/IEC 27402:2023(E)
© ISO/IEC 2023

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
3.2 Abbreviated terms
4 Overview
5 Requirements
5.1 Requirements for IoT device policies and documentation
5.1.1 Risk management
5.1.2 Information disclosure
5.1.3 Vulnerability disclosure and handling processes
5.2 Requirements for IoT device capabilities and operations
5.2.1 General
5.2.2 Configuration
5.2.3 Software reset
5.2.4 User data removal
5.2.5 Protection of data
5.2.6 Interface access
...

FINAL DRAFT INTERNATIONAL STANDARD ISO/IEC FDIS 27402
ISO/IEC JTC 1/SC 27
Secretariat: DIN
Voting begins on: 2023-08-08
Voting terminates on: 2023-10-03
Cybersecurity — IoT security and privacy — Device baseline requirements
Reference number: ISO/IEC FDIS 27402:2023(E)
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COMMENTS, NOTIFICATION OF ANY RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE AND TO PROVIDE SUPPORTING DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE FOR INDUSTRIAL, TECHNOLOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT INTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL TO BECOME STANDARDS TO WHICH REFERENCE MAY BE MADE IN NATIONAL REGULATIONS.
© ISO/IEC 2023

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
3.2 Abbreviated terms
4 Overview
5 Requirements
5.1 Requirements for IoT device policies and documentation
5.1.1 Risk management
5.1.2 Information disclosure
5.1.3 Vulnerability disclosure and handling processes
5.2
...

ISO/IEC DIS FDIS 27402:2023(E)
ISO/IEC JTC 1/SC 27
Secretariat: DIN
Date: 2023-03-2007-24
Cybersecurity — IoT security and privacy — Device baseline requirements

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
3.2 Abbreviated terms
4 Overview
5 Requirements
5.1 Requirements for IoT device policies and documentation
5.1.1 Risk management
5.1.2 Information disclosure
5.1.3 Vulnerability disclosure and handling processes
5.2 Requirements for IoT device capabilities and operations
5.2.1 General
5.2.2 C
...
