Authentication and Passwords

5.1-15.1-25.1-35.1-45.1-5
Passwords are used (1)
Pre-installed unique per device passwords are used (2)
The device allows user authentication (8)

Software Update

5.3-15.3-25.3-35.3-45.3-55.3-65.3-75.3-85.3-95.3-105.3-115.3-125.3-135.3-145.3-155.3-165.5-3
An update mechanism is implemented (12)
The device supports automatic updates and/or update notifications (9)
Updates are delivered over a network interface (11)
Software components are not updateable (3)
The device is constrained (4)

If you do not know yet whether the device is constrained, you can use the embeded identification tool.

Secure Storage of Security Parameters

5.4-15.4-25.4-35.4-45.5-65.5-7
A hard-coded unique per device identity is used for security purposes (10)
Sensitive security parameters are stored persistently (14)
Critical security parameters used for integrity and authenticity checks of software updates in device software or for protection of communication with associated services in device software exist (15)

Secure Communication

5.3-15.3-35.3-45.3-55.5-15.5-25.5-35.5-45.5-55.5-65.5-75.5-85.6-55.8-15.8-25.9-35.13-1
Access to device functionality via a network interface in the initialized state is possible (16)
Device functionality that allows security-relevant changes in configuration via a network interface exists (17)
Critical security parameters relating to the device exist (20)
Critical security parameters are transmitted (18)
Critical security parameters are transmitted via remotely accessible network interfaces (19)

Attack Surface Minimization

5.6-15.6-25.6-35.6-45.6-65.6-75.6-85.6-9
A debug interface is physically accessible (13)

Data Security and Privacy

5.8-15.8-25.8-35.10-15.11-25.11-36-16-26-36-46-5
Personal data is processed (28)
Personal data is processed on the basis of consumers' consent (7)
Personal data is transmitted between a device and a service (21)
Sensitive personal data is transmitted between a device and a service (22)
External sensing capabilities exist (23)
Telemetry data being collected (6)

Device Installation and Decommissioning

5.11-15.11-25.11-35.11-45.12-15.12-2
User data is stored on the device (24)
Personal data is stored (26)
Personal data is stored on associated services (25)

Input Validation

5.13-1
Data input via user interfaces or transferred via APIs or between networks in services and devices is supported (27)