UK PSTI

Cybersecurity News – Latest Requirements of the UK’s Product Security and Telecommunications Infrastructure (PSTI) Act

/in

UK PSTI

UK PSTI

The UK’s Product Security and Telecommunications Infrastructure (PSTI) Act primarily targets the cybersecurity requirements for smart devices. This mandatory requirement was implemented in April 2024.

Below is a detailed explanation of the types of products that need PSTI testing, exceptions, and how to meet PSTI requirements.

PSTI testing applies to a wide range of internet-connected devices, including but not limited to:

  • Smart home devices (such as smart bulbs, smart locks, smart thermostats)
  • Consumer electronics (such as smart TVs, smart speakers, smartwatches)
  • Connected toys and baby monitors
  • Smart health and fitness devices (e.g., fitness trackers)
  • Other Network-connected devices

Manufacturers should conduct cybersecurity risk assessments for their products according to the specific terms of the PSTI and take necessary technical measures to mitigate these risks. By following these steps and requirements, manufacturers can ensure their products meet the PSTI cybersecurity standards, providing consumers with a safer user experience.

Exceptions

The following categories of devices are not covered by PSTI testing:

  • Enterprise-level network equipment
  • Industrial control systems
  • Devices with simple functions and no network connectivity
  • Personal computers and laptops

These products typically have specialized security standards and regulatory bodies for testing and certification, so they do not need to comply with PSTI requirements.

PSTI Requirements

To meet PSTI requirements, manufacturers should follow these steps:

  1. Firmware Update Mechanism: Ensure the device can receive and automatically install security updates to patch known vulnerabilities.
  2. Unique Default Passwords: Each device should use a unique default password or require users to set a strong password upon first use.
  3. Vulnerability Reporting Channel: Establish an easily accessible vulnerability reporting mechanism, allowing users and security researchers to report security issues with the device.

The cybersecurity testing laboratory at the One provides testing and certification services that meet the latest PSTI cybersecurity requirements. We continuously monitor the latest regulatory developments and offer appropriate cybersecurity testing services in line with regulatory changes, providing our clients with up-to-date cybersecurity testing and certification solutions.

For further information, please contact:

Email: service@theonelab.co