UK’s NCSC and the DCMS publish manufacturers’ device security principles for public consultation
The UK’s NCSC and DCMS release device security principles for manufacturer consultation, aiming to enhance security standards in devices interacting with organizational data. Principles include secure updates, data protection, authentication support, transparency, and recovery features. The framework complements the existing Product Security and Telecommunications Infrastructure bill.
UK’s National Cyber Security Centre, together with The Department for Digital, Culture, Media, and Sport, launched the beta version of the device security principles for manufacturers for public consultation. The principles constitute a framework that aims to drive forward security standards in Enterprise Connected Devices (devices that interact with, hold, or process an organisation’s data). The framework will be in addition to the Product Security and Telecommunications Infrastructure (PSTI) bill.
The framework’s principles are as follows: (1) Provide updates securely, (2) Support appropriate authentication, (3) Protect data at rest and in transit, (4) Maintain device integrity, (5) Ensure transparency of device health, (6) Permit only trusted software, (7) Minimise the privilege and reach of applications, (8) Constrain the use of all device interfaces, (9) Allow robust device management, (10) Provide security logging, alerting and monitoring capabilities and (11) Enable recovery to a known good state.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.