Skip to main content

2.4.15 Configuration

This section's intended audience is for those personnel who are responsible for the security of the device and IoT Services configurations.

Req NoRequirementCompliance Class And ApplicabilityPrimary KeywordSecondary Keyword
2.4.15.1The configuration of the device and any related web services is secure and tamper resistant i.e. sensitive configuration parameters should only be changeable by authorised people (evidence should list the parameters and who is authorised to change e.g. Owners / Guests). Sensitive parameters include cryptographic configuration settings.Mandatory for Class 1 and aboveBusinessProcess
2.4.15.2Updates to configuration should be provisioned securely and just-in-time, maintaining consistency . Irrelevant components of the configuration must be removed at the same time.Mandatory for Class 1 and aboveBusinessProcess
2.4.15.3The manufacturer should provide users with guidance on how to check whether their device is securely set up.Mandatory for Class 1 and aboveBusinessProcess