Australian Standards Overview
Australia has introduced mandatory baseline cyber security requirements for most consumer-grade smart devices through the Cyber Security Act 2024 and the Cyber Security (Security Standards for Smart Devices) Rules 2025.
The regime is closely aligned with the first three consumer Internet of Things (IoT) security outcomes used in the UK's PSTI regime and ETSI EN 303 645: no universal default passwords, a public security issue reporting process, and transparent support-period information.
| Standard | Summary | Link |
|---|---|---|
| Cyber Security (Security Standards for Smart Devices) Rules 2025 | Mandatory baseline requirements for consumer-grade smart devices supplied in Australia. | Smart Device Security Rules Overview |