Xiaomi’s guidelines are entitled "Cyber Security Baseline for Consumer Internet of Things Device Version 2.0" and aim to protect security and user privacy with a comprehensive set of requirements.
The guidelines cover device hardware and software and device communication. They also provide requirements for data security and privacy, which include communication security, authentication and access control, secure boot and data deletion.
Xiaomi said it expected that its new security baseline would be followed by all Xiaomi smart devices. Xiaomi, the second-largest manufacturer of smartphones after Samsung, also owns the world's leading consumer AIoT platform.
According to the company, as of November 2021, Xiaomi's AIoT platform has connected more than 400 million devices, excluding smartphones and laptops. Moreover, it said, there are now more than 8 million users with 5 or more Xiaomi IoT devices around the world.
Xiaomi said that until their new guidelines there has been “no general standard that can be publicly queried and implemented.”
“Now companies can use this guide to avoid some basic security and privacy protection risks, and to quickly improve the security and privacy protection capabilities of their IoT products,” the company said in a statement.
"Over the years, we have made great efforts to protect users' security and privacy. I'm confident and proud to say that Xiaomi is in the leading position of IoT security policies and practices in the world, and we will continue to work hard to build a better IoT ecosystem for our users." said Cui Baoqiu, Xiaomi’s vice-president and chairman of Xiaomi’s security and privacy committee.
The company also announced that it had recently achieved BSI IoT Kitemark, a certification standard owned and operated by the certification company BSI.
Obtaining the BSI IoT Kitemark™ Certificate means that Xiaomi products are in compliance with multiple global cybersecurity standards, the company said.