- Must use TLSv1.2 for all communications via WAN, preferably via LAN
- Certificates must be verified on connection
- No default username/password
- Devices must not ship with a well-known username and/or password
- Unless the password must be changed on first use No backdoor passwords in firmware. This can be dumped and reversed and published.
- Devices must not ship with a well-known username and/or password