This site maps global IoT security and privacy recommendations to the ETSI standard for Cyber Security for Consumer Internet of Things: Baseline Requirements, EN 303 645. It is an evolution of our previous site, which continues to be hosted at That previous work, conducted on behalf of the Department for Digital, Culture, Media & Sport (DCMS), provided organisations around the world with the ability to see how different requirements mapped to the UK’s Code of Practice for Consumer IoT Security and enabled them to use the information in their own developments. Our aim was to facilitate the defragmentation of IoT security requirements and emergent standards such that a set of common, harmonised requirements could be agreed upon globally. This mission has been successful and, with an international, European Standard in place, together with an accompanying conformance assessment specification, it has rapidly become the de facto global standard that industry and governments have turned to as a solution to IoT product security.

We have therefore begun the process of mapping requirements against EN 303 645 and will continue to do so as new requirements, standards, testing schemes and government regulations are published. The sources of data come from a host of recommendations and standards bodies, governments and cities through to individuals across the world and we are very grateful to everyone who has supported the initiative with input and advice. As ever, if you have any new documents for us to map or any input, drop us an email via the address on the Frequently Asked Questions page. 



16/11/2021 – This update includes two new documents, one of which is the final release of the Indian Code of Practice. Previously we had mapped the draft version of this document, which has been deprecated with the addition of the full release. Additionally, we have added the IoXt Alliance’s Certified Component Program document.

01/10/2021 – This site marks the evolution of the adoption of best practice in IoT to the point where there is an international standard from ETSI’s TC CYBER group, ‘Cyber Security for Consumer Internet of Things: Baseline Requirements’, ETSI EN 303 645. That work is also accompanied by a conformance assessment Technical Specification, TS 103 701, marking an important step forward for global cyber security in IoT. We have mapped all previously reviewed standards against the ETSI specification baseline, including the original UK Code of Practice.

New Additions: 

Updated Versions:

There are also some documents that we have not mapped at this point, but will be processed in the next release:

To be mapped in the future: 

  • CSA – CSA IoT Security Controls Framework v2 
    • The format of this document was drastically different to other standards previously mapped, but we will spend some time on this in the next release.  

As well as the documents above, there are a number of released or updated documents and legislation we intend to re-map and / or re-assess and deprecate where necessary:

Example High Level Relationship Map

How to use this site?

The menu links from this page take you to individual visual mappings for the individual guidelines. In addition, there is a page with an external reference mapping, which is sourced from the external references used in the documentation of the organisations who developed the various recommendations and standards. This is useful to see what material and what organisations are regularly referenced and used, by whom. From these pages you can also download files which contain open data datasets of the mappings to use yourself and within your company.

Feedback and further input are welcomed; more details can be found on the Frequently Asked Questions page.
