Enisa Req

Source: Baseline Security Recommendations for IoT in the context of Critical Information Infrastructures November 2017

# Requirement Nr Description Good Practice Is Fullfilled By Remarks
1 GP-TM-33 Ensure that devices only feature the essential physical external ports (such as USB) necessary for them to function and that the test/debug modes are secure, so they cannot be used to maliciously access the devices. In general, lock down physical ports to only trusted connections. Access Control - Physical and Environmental security View
2 GP-TM-32 Ensure that the device cannot be easily disassembled and that the data storage medium is encrypted at rest and cannot be easily removed. Access Control - Physical and Environmental security View
3 GP-TM-31 Measures for tamper protection and detection. Detection and reaction to hardware tampering should not rely on network connectivity. Access Control - Physical and Environmental security View
4 GP-TM-30 Ensure a context-based security and privacy that reflects different levels of importance. Access Control - Physical and Environmental security View
5 GP-TM-29 Data integrity and confidentiality must be enforced by access controls. When the subject requesting access has been authorised to access particular processes, it is necessary to enforce the defined security policy. Access Control - Physical and Environmental security View
Records : 5 of 5 | Page : of 1 | Limit