UK’s NCSC and the DCMS publish manufacturers’ device security principles for public consultation
The UK’s NCSC and DCMS release device security principles for manufacturer consultation, aiming to enhance security standards in devices interacting with organizational data. Principles include secure updates, data protection, authentication support, transparency, and recovery features. The framework complements the existing Product Security and Telecommunications Infrastructure bill.
UK’s National Cyber Security Centre, together with The Department for Digital, Culture, Media, and Sport, launched the beta version of the device security principles for manufacturers for public consultation. The principles constitute a framework that aims to drive forward security standards in Enterprise Connected Devices (devices that interact with, hold, or process an organisation’s data). The framework will be in addition to the Product Security and Telecommunications Infrastructure (PSTI) bill.
The framework’s principles are as follows: (1) Provide updates securely, (2) Support appropriate authentication, (3) Protect data at rest and in transit, (4) Maintain device integrity, (5) Ensure transparency of device health, (6) Permit only trusted software, (7) Minimise the privilege and reach of applications, (8) Constrain the use of all device interfaces, (9) Allow robust device management, (10) Provide security logging, alerting and monitoring capabilities and (11) Enable recovery to a known good state.