Home Compliance & Certification IoT Secure Configuration Screenshot Guide

IoT Secure Configuration Screenshot Guide

Last updated on Dec 09, 2025

1. Purpose of This Guide

IoT devices (CCTV cameras, door sensors, smart TVs, Wi-Fi printers, IP speakers, etc.) often come with convenience features that can accidentally become security weaknesses. This artefact demonstrates that your organisation has configured business-critical IoT devices securely and kept them separate from networks that handle work data.

This requires evidence showing that you have taken practical steps to protect your IoT fleet, such as:

  • Placing IoT devices on a separate network or VLAN

  • Disabling risky features like auto-discovery and Universal Plug and Play (UPnP)

  • Using IoT products with Singapore’s Cybersecurity Labelling Scheme (CLS) where available

Your evidence proves that your IoT environment isn’t left open like an unlocked castle gate.

2. What You Will Submit

You may upload one or more screenshots showing any of the following:

  • IoT devices connected to a separate Wi-Fi network or VLAN
    e.g., “IoT-Network”, “Guest IoT”, “CCTV Network”

  • Router or firewall configuration showing:

    • Network segmentation

    • Device isolation

    • IoT VLAN setup

    • Blocking IoT devices from accessing corporate networks

  • Device settings pages showing that:

    • UPnP is disabled

    • Auto-discovery is disabled (e.g., mDNS, DLNA, auto-pairing)

    • Default passwords have been changed (optional but good to show)

  • Evidence of cybersecurity-labelled IoT devices, e.g.

    • Photo of the CLS label on the device box

    • Product page showing CLS Level 1/2/3

Auditors do not expect you to submit all of these — just whatever applies in your environment.

3. How to Collect / Obtain / Generate This Evidence

Choose the method that matches your setup. Below are the most common scenarios.

A. Network Segregation Evidence (Recommended)

Home/SMB routers (Asus, TP-Link, Linksys, D-Link)

  1. Log in to your router admin page (often 192.168.1.1).

  2. Open Wireless Settings or Network.

  3. Show the IoT Wi-Fi network (e.g., “IoT”, “CCTV”) separate from your work network.

  4. Screenshot:

    • SSID name

    • VLAN ID (if applicable)

    • Guest network isolation switch (if used)

Business Firewalls (Fortinet, SonicWall, UniFi, Meraki)

  1. Open Network → VLANs or Networks.

  2. Show IoT VLAN configuration.

  3. Show firewall rule preventing IoT → Corporate network access.

  4. Take a screenshot of the configuration page.

B. IoT Device Configuration Screenshots

Choose any IoT device in use (e.g. CCTV, NAS device, Smart TV, Door Access Controller).

Screenshots should show:

1. UPnP Disabled

Typical locations:

  • Settings → Network → Advanced → UPnP

  • Admin → Security → UPnP

2. Auto-Discovery Disabled

E.g.:

  • “Discovery Mode: Off”

  • “Auto-pairing: Disabled”

  • “DLNA: Off”

  • “Bonjour/mDNS: Off”

3. Device on IoT Network

Show Wi-Fi settings indicating it is connected to the IoT SSID.

C. Cybersecurity Labelling Scheme (CLS) Evidence

If your IoT device is CLS-labelled:

  1. Take a photo of the packaging showing the CLS rating (Level 1–4).

  2. Or screenshot the official product listing with the CLS badge.

This is optional but strengthens your compliance.

4. Evidence Format

Accepted File Types:

  • PNG

  • JPG

  • PDF

Suggested Naming Convention:
YourCompanyName_IoT_SecureConfiguration_YYYY-MM-DD

Example:
AcmeClinic_IoT_SecureConfig_2025-03-15.png

5. What “Good” Looks Like

A strong submission includes:

  • Clear indication that IoT devices are isolated
    (“IoT VLAN”, “Guest IoT Network”, firewall rule screenshot)

  • Security features disabled
    Especially:

    • UPnP

    • Auto-discovery

    • Peer-to-peer discovery features

  • Some form of IoT hardening
    (firmware up to date, admin password not default)

  • Readable screenshots
    Device name, setting names, and ON/OFF toggles should be visible.

  • Optional but excellent
    Proof that the devices carry a Cybersecurity Labelling Scheme badge.

This shows the auditor that your IoT devices can’t freely wander into your corporate network or turn themselves into tiny digital spies.

6. Tips

  • Redact IP addresses if they expose your internal structure.

  • If your company has NO business-supporting IoT devices, mark this artefact “Not Applicable” — the clause allows it.

  • If IoT devices exist but are unmanaged (e.g., landlord CCTV)
    Show documentation stating they are not part of your corporate environment.