2
min reading time
CCLab Ltd. has successfully completed the CBTL audit and obtained authorization as a CB Testing Laboratory (CBTL) under the international IECEE CB scheme. Based in Hungary, CCLab successfully extended its cybersecurity testing, evaluation, and certification capabilities officially on 24th May, 2024, for consumer IoT devices compliant with ETSI EN 303 645 and industrial automation and control systems specialized in IEC 62443-4-1 /4-2 standards within the IECEE CB scheme. Certificates issued under the CB scheme are currently accepted in over 50 countries.
CCLab Ltd., in collaboration with QIMA Germany, is one of the first international National Certification Bodies (NCB) and CB Testing Laboratories (CBTL) to receive accreditation under the IECEE (International Electrotechnical Commission System for Conformity Testing and Certification of Electrical Equipment) CB (Certification Bodies) scheme for ETSI EN 303 645 standard - “Cybersecurity for Consumer IoT devices (CIoT)”- as well as the IEC 62443-4-1 and 4-2 standards for industrial automation and control systems. The IECEE CB scheme now officially recognizes CCLab to conduct tests according to the relevant standards for CIoT products or industrial control systems, and to issue CB certificates and test reports on compliance with the standards above. CB Scheme is the largest certification system for electrical devices, where the certificates are accepted in more than 50 member countries.
ETSI EN 303 645 is a globally recognized standard that defines critical cybersecurity requirements for consumer IoT devices and serves as the basis for developing IoT certification schemes in various regions.
Compliance with the standard involves the evaluation of 33 provisions during the device’s cybersecurity assessment by the testing laboratory, based on the 3 documents specified in the standard. These documents include the Implementation of eXtra Information for Testing (IXIT), Implementation Conformance Statement (ICS), and Device Under Test (DUT), where the latter provides detailed information for the tested device’s identification.
IEC 62443 is an international series of standards that regulates the cybersecurity of industrial automation and control systems (OT, Operational Technology). Sub-parts 62443-4-1 and 62443-4-2 of IEC 62443, collectively define technical guidelines for improving the cybersecurity of industrial control systems.
Part 4-2 of the IEC 62443 contains the cybersecurity requirements for control systems and components, while Part 4-1 specifies the requirements for the secure development life cycle of these products. The standard family helps protect industrial systems by providing measures for defending against cybersecurity threats and ensuring compliance.
The IECEE CB scheme provides a global framework for mutual acceptance of test reports and certificates regarding the safety of electrical and electronic components, equipment, and products at an international level. The scheme facilitates the entry of products with CB certification and test reports into global markets, significantly reducing manufacturers’ costs and easing international trade.
Through inclusion in the CB scheme, CCLab has further expanded its service portfolio for cybersecurity evaluation and certification of the aforementioned categories, offering even greater value to its clients. Cybersecurity is a horizontal requirement category, like EMC, within the CB scheme that can be applied to every connected device. Thanks to services according to ETSI EN 303 645 and IEC 62443-4-1/4-2 standards, the tested products can get internationally recognized certification, guaranteeing compliance with the latest cybersecurity requirements for protecting sensitive data, users and the environment.
Your key to unlocking simplicity in ETSI 303 645 compliance
Download our ETSI EN 303 635 infographics today and learn about the product certification process for this consumer IoT device cybersecurity standard.
The European Union's digital infrastructure is continuously evolving to facilitate secure, cross-border electronic transactions. In this context, two crucial frameworks—the eIDAS regulation and the Common Criteria standard— play pivotal roles. eIDAS (Electronic Identification, Authentication, and Trust Services) aims to unify and enhance electronic identification systems across the EU. Meanwhile, the Common Criteria standard offers a comprehensive framework for evaluating the security of IT products and systems.
7
min reading time
The rise of the Internet of Things (IoT) has revolutionized how we interact with technology. Consumer IoT devices are now deeply integrated into the fabric of modern life, from smart home appliances, wearable gadgets, and connected vehicles to health monitors and voice assistants. However, the increased connectivity provided by consumer IoT products also introduces a broader attack surface for cyber threats.
8
min reading time
As consumer IoT devices become more prevalent, ensuring their security is critical to protecting user data and maintaining trust in the expanding IoT ecosystem. One of the most recognized standards for securing these devices is ETSI EN 303 645, which provides a set of baseline requirements for safeguarding consumer IoT products. This standard, introduced by the European Telecommunications Standards Institute (ETSI), addresses common vulnerabilities in consumer IoT devices and establishes guidelines for manufacturers to create more secure, robust, and compliant products.
7
min reading time