Solutions | Device Manufacturers

Voluntary guidelines providing structure and guidance for organizations' cybersecurity programs, with specific frameworks for IoT and industrial control systems.

Core Components:
- Identify, Protect, Detect, Respond, and Recover functions
- Asset management and risk assessment requirements
- Security control implementation guidelines
- Supply chain risk management
- Continuous monitoring and vulnerability management
- Incident response and recovery procedures
Legislation mandating security requirements for consumer IoT products sold in the UK market.

Core Components:
- Ban on universal default passwords
- Secure design and manufacturing standards
- Implementation of secure update mechanisms
- Transparency in supply chain security practices
A European regulation requiring IoT manufacturers to ensure secure-by-design principles, SBOMs, and vulnerability management.

Core Components:
- Secure-by-design and default principles
- Technical documentation and SBOMs
- Vulnerability monitoring post-deployment
- Cybersecurity risk assessments
EU-wide legislation strengthening cybersecurity requirements for critical infrastructure and essential service providers.

Core Components:
- Risk management measures
- Supply chain security and third-party risk management
- 24-72 hour incident reporting obligations
- Security policies and procedures documentation
- Regular security assessments and audits

Software Bill of Materials

A detailed list of all software components within a device must be maintained, including any open-source and third-party components.

Continuous Monitoring

IoT devices must be monitored in real-time to detect potential security threats, anomalies, or vulnerabilities before they can be exploited.

Incident Response Planning

Device manufacturers must have a comprehensive strategy for detecting, responding to, and recovering from cybersecurity incidents.

Secure by Design Principles

Cybersecurity measures must be implemented throughout the product lifecycle to reduce vulnerabilities in industrial systems and enhance resilience against cyber threats.