|
Article 23
|
(Equipment and software control and management)
The IoT equipment installed by an organization shall have a security updating system and updates should be made regularly to maintain the functions and integrity of the equipment.
|
|
Article 24
|
(Control and management of access to equipment)
The IoT equipment installed by an organization shall have an identity verification system or pairing and bondingsystem, and requires a change to the initial password. Authorization of users should be granted on a minimal basis to ensure only authorized users may access data, manage the equipment and have security updates.
|
|
Article 25
|
(Control and management of equipment connection)
An organization shall turn off or disable unnecessary online connection and services of the IoT equipment and avoid uses of an Internet location open to the public. If the equipment is using a public Internet location, a firewall at the front of the equipment should be in place for protection, and accesses should be filtered based on a white list. If the equipment connects to the Internet via a wireless network, a wireless access point with the encryption protocol should be used for the Internet connection, and only the network interface cards with their number on the white list may access the equipment or other protection measures should be taken.
|