
Code of practice: securing the Internet of Things for consumers

In this step we explore the Code of Practice: Securing the Internet of Things for Consumers.

The Code of Practice: Securing the Internet of Things for Consumers, developed by the Australian Government (the Department of Home Affairs and the Australian Cyber Security Centre), is a voluntary set of measures that the Government recommends for industry as the minimum standard for IoT devices.

The Code of Practice is also designed to help raise awareness of security safeguards associated with IoT devices, build greater consumer confidence in IoT technology, and encourage greater IoT adoption.

The Code of Practice is designed for an industry audience and comprises 13 principles:

  • Principle 1: No duplicated default or weak passwords
  • Principle 2: Implement a vulnerability disclosure policy
  • Principle 3: Keep software securely updated
  • Principle 4: Securely store credentials
  • Principle 5: Ensure that personal data is protected
  • Principle 6: Minimise exposed attack surfaces
  • Principle 7: Ensure communication security
  • Principle 8: Ensure software integrity
  • Principle 9: Make systems resilient to outages
  • Principle 10: Monitor system telemetry data
  • Principle 11: Make it easy for consumers to delete personal data
  • Principle 12: Make installation and maintenance of devices easy
  • Principle 13: Validate input data

The Australian Government recommends industry prioritise the top three principles because action on default passwords, vulnerability disclosure, and security updates will bring the largest security benefits in the short term.

Want to know more?


Click the link below to read the Code of Practice in full:

Code of Practice: Securing the Internet of Things for Consumers.

Further reading

For a deeper understanding of Security by Design objectives and security design best practices it is also worthwhile taking the time to read the following IoTSF guide:

Establishing Principles for Internet of Things Security.

This guide looks at questions that need to be considered when designing an IoT device, system or network. A common theme throughout is that investment in security at the design phase can save considerable time, effort and cost. The guide is designed to stimulate thinking on how developers can exercise care and extend a duty of care to others when designing and developing IoT devices and systems.

You should also take the time to read Section 10 (pages 32-33) of the Australian Government’s 2023–2030 Australian Cyber Security Strategy which focuses on promoting the safe use of emerging technology, including the Internet of Things.

© RMIT 2023
This article is from the free online course Security by Design.
