    Why Choose a Smart Lock with BSI Kitemark™ Certification?

    Assurance of safety, quality and both physical and digital security.

    Why Choose a Product with BSI Kitemark™ Certification for Smart Residential Locking Devices? 

    Keep your loved ones safe with independently certified home security.

    When it comes to protecting your home and the people you care about, you want reassurance that your smart lock is safe, reliable, and built to a high standard. A product with BSI Kitemark certification for smart residential locking devices gives you that confidence because the lock and its app have been independently tested for both physical security and cyber security, and checked regularly to ensure they continue to meet these high standards. Choosing a smart lock with Kitemark certification means you’re selecting a product that has been proven to work safely, securely, and consistently.

    This programme has been developed in collaboration with Secured by Design (SBD)

    Secured by Design (SBD) is the official police security initiative that improves the security of buildings and their immediate surroundings to provide safe places to live, work, shop, and visit. 

    In 2022, SBD introduced the ‘Secure Connected Device (SCD)’ accreditation scheme in line with government legislation for companies providing Internet of Things (IoT)-connected products. Without the appropriate levels of security, any internet-connected device or app risks providing cyber criminals with the ‘key’ to accessing and stealing personal data.

    BSI is an IoT Certification Body for the Secure Connected Device program. 

    The Typical Standards the Device is Tested Against Include: 

    Please note that this is not a comprehensive overview of all the standards and testing requirements. It highlights key features of the standards, testing, and certification process.

    Cylinders – TS 007 – 2 - Enhanced Security Mechatronic Cylinders and Associated Hardware. 

    Physical Attack Resistance 

    • Drilling: Must resist drilling with standard and specialized drill bits.  
    • Picking: Withstand picking with common locksmith tools. 
    • Bumping: Resist cylinder bumping attempts with anti-bump mechanisms and defined bump key configurations. 
    • Snapping: Endure snapping with a torque of 30 Nm, using break-away sections or reinforced bars. 

    Operational Reliability 

    • Cycle Testing: Operate correctly for 100,000 cycles without failure. 
    • Temperature Testing: Function within -20°C to +60°C without performance loss. 
    • Humidity Resistance: Maintain functionality in 95% relative humidity. 

    Electronic Security 

    • Encryption: Use best-practice encryption for all communications and data. 
    • Tamper Resistance: Encase electronic components in tamper-evident and tamper-resistant housings. 
    • Access Control: Implement multi-factor authentication and securely store access credentials. 

    TS 621 - Electronic Door Locking Devices 

    Resistance to Electronic Attacks 

    • Penetration Testing: Regularly test against brute force, replay attacks, and unauthorized remote access. 
    • EM Attack Resistance: Include shielding to protect against EMI. 

    Mechanical Durability 

    • Load Testing: Withstand a 200 kgf force in various directions. 
    • Environmental Testing: Maintain performance when exposed to dust, water (IP55 or higher), and other environmental factors. 

    Power Supply and Battery Life 

    • Battery Testing: Operate for at least 6 months on battery power under normal usage. Include battery life indicators and low-power alerts. 
    • Power Failure Protocols: Maintain security during power failures with backup power options. 

    Cybersecurity (Residential) 

    ETSI EN 303 645 V2.1.1 / ETSI TS 103 701 V1.1.1

    Data Protection 

    • Ensuring that only the minimal required data is captured and that users are informed of it.
    • Enforcing encryption and/or electronic protection for all data stored locally and in transit.

    Vulnerability Management  

    • Regular Updates: Incorporate the means for delivering updates in a timely fashion and clearly inform the users of their availability.  
    • Vulnerability Reporting: Implement a process for vulnerability disclosure and response.  

    Secure Communications  

    • Encryption: Enforce secure encryption.
    • Authentication: Implement robust and secure authentication mechanisms.

    Software and Firmware Updates  

    • Secure Update Mechanism: Assure that the software updates' authenticity, integrity, and confidentiality are controlled.
    • Update Policy: Provide and maintain a clear update policy, enabling full transparency for the users. 

    OWASP ASVS/MASVS Application Standards - Main Areas

    ASVS Security Testing Categories:

    • Architecture
    • Authentication
    • Session Management
    • Access Control
    • Input Validation
    • Stored Cryptography 
    • Error Handling and Logging 
    • Data Protection
    • Communication Security
    • Malicious Code
    • Business Logic
    • Files and Resources
    • Web Service
    • Configuration

    MASVS Security Testing Categories:

    MASVS-STORAGE: Secure storage of sensitive data on a device (data-at-rest)

    MASVS-CRYPTO: Cryptographic functionality used to protect sensitive data

    MASVS-AUTH: Authentication and authorization mechanisms used by the mobile app

    MASVS-NETWORK: Secure network communication between the mobile app and remote endpoints (data-in-transit)

    MASVS-PLATFORM: Secure interaction with the underlying mobile platform and other installed apps

    MASVS-CODE: Security best practices for data processing and keeping the app up to date

    MASVS-RESILIENCE: Resilience to reverse engineering and tampering attempts

    MASVS-PRIVACY: Privacy controls to protect user privacy

    Authentication and Authorisation

    • Multifactor / Out of Band Authentication supported and enforced.
    • Access Controls: Enable role-based access controls and enforce the principle of least privilege

    Data Security

    • Encryption: Enforce robust encryption on the data at rest and in transit.
    • Data Integrity and authenticity: Enforce controls to verify the integrity and authenticity of the transmitted data.

    Cryptographic Controls

    • Robust Algorithms: Support only proven and robust encryption algorithms.
    • Key Management: Follow industry-adopted best practices for key management throughout the full key lifecycle.

    Secure Logs 

    • Event logging: Log all security-related events on a dedicated secure logging mechanism with anti-tampering controls.

    What Does the BSI Kitemark for Smart Residential Locking Devices Mean? 

    BSI Kitemark Certification for smart locking devices is designed to help people to easily identify devices that can be trusted to be safe, secure, functional, and reliable.

    This certification supports a business's journey in a digital world and provides homeowners with confidence in IoT-connected devices. BSI has developed this Kitemark certification programme for smart residential locking devices to support all types of locking devices, mechatronic door locking furniture, and enhanced security cylinders.

    When you see the BSI Kitemark Certification for smart residential locking devices, you can be assured that the product has been tested for both functionality and security. Continued assurance of the product's quality and security is provided through annual assessments of the product and the relevant quality management systems for ongoing production.  Internationally recognized and respected, the BSI Kitemark can help enhance a manufacturer’s reputation and boost customer confidence. 
