Security
Advancing Secure Home Networks: Gateway Device Security Best Common Practices 2.0
Key Points
- CableLabs has released an update to guidance that strengthens the security of home gateway devices — including cable modems, routers and access points — against evolving cybersecurity threats.
- The collaborative industry framework provides broadband operators with a clear, future-ready roadmap for securing such devices.
Cybersecurity threats are evolving faster than ever, and connected home devices can be a pathway for malicious actors to gain access to home networks.
At the center of home networks are gateway devices — cable modems, integrated access points and home routers. Their security isn’t just important, it’s essential. That’s why CableLabs is pleased to announce the release of the Gateway Device Security Best Common Practices (GDS BCP 2.0), an update designed to keep pace with the latest industry standards and strengthen the security posture of cable broadband networks for the future.
Why It Matters
In 2021, the first version of the GDS BCP set the bar for securing gateway devices across the broadband industry. The GDS BCP even earned recognition in the 2024 U.S. National Institute of Standards and Technology’s Internal Report “Recommended Cybersecurity Requirements for Consumer-Grade Router Products” (NIST IR 8425A) as a recommended resource to use for the cybersecurity of consumer-grade router products.
However, as the threat landscape evolves, so must our practices. The GDS BCP 2.0 closes gaps identified in the NIST crosswalk and integrates feedback from industry experts to ensure these practices remain relevant and resilient.
What’s New in the GDS BCP 2.0?
Here are the major updates:
- Gap Analysis & Clarifications - The GDS BCP 2.0 addressed gaps highlighted by NIST IR 8425A, adding clearer guidance and additional requirements for asset identification, device configuration and access control across network interfaces.
- SBOM Best Practices - A software bill of materials (SBOM) — defined as “a nested inventory for software, a list of ingredients that make up software components” — is a “key building block in software security and software supply chain risk management.” With government stakeholder guidance on SBOMs increasing and industry adoption maturing since the first release, the GDS BCP 2.0 now incorporates recommendations for SBOM practices to boost software supply chain transparency, improve vulnerability mitigation and management, and ensure alignment with applicable rules and requirements.
- Cryptographic Agility - As governments worldwide ramp up efforts to address the cryptographic risks posed by quantum computing, critical infrastructure operators are taking action to future-proof their networks by enabling cryptographic agility and shifting to post-quantum cryptographic paradigms. The GDS BCP 2.0 phases out legacy cryptographic algorithms and recommends quantum-resistant key encryption protocols, aligning with Internet Engineering Task Force (IETF) standards on post-quantum computing readiness and CableLabs initiatives including its Future of Cryptography, Zero Trust Infrastructure and DOCSIS Security working groups.
Collaborative Industry Effort
Gateway Device Security BCP 2.0 is more than an update. It’s a continued commitment to safeguarding broadband networks in an era of rapid technological change.
This release represents the culmination of a collaborative industry effort, developed through the invaluable contributions of CableLabs’ working group members and vendor participants. By closing gaps, promoting supply chain transparency and preparing for a quantum-secure future, we are helping the industry remain resilient and ready for what lies ahead.
If you’re a member or part of our vendor community, consider joining the working group to get involved in this work.
Download the GDS BCP 2.0 here, or view it using the button below.