Xiaomi presents the second version of the "Basic level of cyber security for IoT consumer devices" - the new IoT global standards directive and announces that the Xiaomi Mesh System AX3000 has received the BSI IoT Kitemark™ certificate - two important steps to strengthen IoT security policies and practices.
Xiaomi, the consumer and smart electronics company that created the world's leading AIoT (AI+IoT) platform, has released a new set of global standards aimed at supporting and reassuring consumers about the security of their data when using IoT products.
The directive, entitled "Cyber Security Baseline for Consumer Internet of Things Device, Version 2.0" (Cyber Security Baseline for Consumer Internet of Things Device, Version 2.0)*[1] aims to protect the security and privacy of users through a comprehensive set of requirements that includes recommendations from hardware and software devices to communication. It also specifies requirements for data security and privacy, including communication security, authentication and access control, secure download, data deletion, etc. This is the basic level of security that all Xiaomi smart devices must adhere to.
This document addresses the needs of the consumer IoT industry as there is no such common standard that can be publicly requested and enforced. Companies will now be able to use this directive to avoid some major security and privacy risks and quickly improve the security and privacy capabilities of their IoT products.
Xiaomi has built the world's leading AIoT platform for consumers. As of November 2021, more than 400 million devices, excluding smartphones and laptops, are connected to Xiaomi's AIoT platform, and more than 8 million users worldwide have 5 or more Xiaomi IoT devices. Xiaomi offers its users the most comprehensive security protection and explores the best industry solutions and common standards for other stakeholders.
The directive comes after the British Standards Institute (BSI) confirmed that the Xiaomi Mesh System AX3000 has received the BSI IoT Kitemark™ certificate, which undoubtedly confirms the high degree of agreement between Xiaomi's directive "Cybersecurity Baseline for Consumer Devices Internet of Things" and international IoT security standards set by BSI.
"The security and privacy of users is Xiaomi's top priority, and we assure you that this applies to all markets in which we operate. I am glad that the Xiaomi Mesh System AX3000 has also successfully received the BSI Kitemark™ certification. Over the years, we have made significant efforts to protect the security and privacy of our users. I can confidently and proudly say that Xiaomi is at the forefront of IoT security policies and practices in the world. We will continue to work hard to build a better IoT ecosystem for our users," said Cui Baoqiu, Vice President of Xiaomi and Chairman of Xiaomi's Security and Privacy Committee.
David Mudd, BSI's director of global digital and connected product certification, said: “Connected devices can bring huge benefits to society, but it is crucial that their functionality and security can be trusted throughout the life of the device. By earning its product the BSI Kitemark™ for IoT devices and subjecting its systems to regular and independent testing and monitoring, Xiaomi demonstrates its commitment to data protection to its consumers. Congratulations to the Xiaomi team on this achievement."
The BSI IoT Kitemark™ is a registered product and service quality certification mark owned and managed by the British Standards Institution (BSI). BSI conducts technical testing and security audits of Internet of Things (IoT) systems, giving consumers confidence that they are using secure and reliable IoT devices that meet the highest standards. Obtaining the BSI IoT Kitemark™ certificate means that Xiaomi products comply with many cybersecurity standards, including the ETSI/EN303645 standard of the European Telecommunications Standards Institute (ETSI), as well as the 10 key security requirements of the Open Web Application Security Project® (OWASP).
Xiaomi receives this international security accreditation for the third time – in July 2021, the Mi 360° Home Security Camera 2K IR video camera and the Xiaomi Home App received the BSI Kitemark™ award.
This is just a small part of what Xiaomi has achieved in the field of IoT security. In June 2021, Xiaomi released the Xiaomi IoT Privacy White Paper*[2], which explains Xiaomi's security policy and privacy practices in IoT products. In November of the same year, in the article "The Contemporary Use of Vulnerability Disclosure in IoT" (Report 4: November 2021)*[3] published by the Internet of Things Security Foundation (IoTSF), Xiaomi was mentioned as one of 21 IoT device vendors that passed the extended threshold test - the company received the highest rating for its security vulnerability disclosure policy, demonstrating Xiaomi's leadership in IoT security.
In the future, Xiaomi will continue to improve its IoT security system while strengthening its security management and technical testing capabilities to meet the industry's global leadership status and enable everyone in the world to enjoy a better and smarter life through innovative and safe technologies.
[1] Xiaomi Cyber Security Baseline for Consumer Internet of Things Device can be downloaded at https://trust.mi.com/
[2] Xiaomi IoT Privacy White Paper can be downloaded at https://trust.mi.com/
[3] “The Contemporary Use of Vulnerability Disclosure in IoT” (Report 4: November 2021), published by the Internet of Things Security Foundation (IoTSF): https://www.iotsecurityfoundation.org/wp-content/uploads/2021/11/The-Contemporary-Use-of-Vulnerability-Disclosure-in-IoT-IoTSF-Report-4-November-2021.pdf
