2.4.15 Configuration
This section’s intended audience is for those personnel who are responsible for the security of the device and IoT Services configurations.
| Req No | Requirement | Primary Keyword | Secondary Keyword | Compliance Class And Applicability |
|---|---|---|---|---|
| 2.4.15.1 | The configuration of the device and any related web services is secure and tamper resistant i.e. sensitive configuration parameters should only be changeable by authorised people (evidence should list the parameters and who is authorised to change e.g. Owners / Guests). Sensitive parameters include cryptographic configuration settings. | Business | Process | Mandatory for Class 1 and above |
| 2.4.15.2 | Updates to configuration should be provisioned securely and just-in-time, maintaining consistency . Irrelevant components of the configuration must be removed at the same time. | Business | Process | Mandatory for Class 1 and above |
| 2.4.15.3 | The manufacturer should provide users with guidance on how to check whether their device is securely set up. | Business | Process | Mandatory for Class 1 and above |