Building Trust through Independent Security Assessment
The Internet of Things (IoT) has fast become a part of everyday life and is slowly starting to transform operations for both businesses and consumers. However, with this growth comes increasing fragmentation and rising IoT security concerns. To make decisions based on data and insight, businesses need to be able to trust IoT devices and the data being gathered. Customers can only realise the true potential of the data by having the right level of security designed into their devices. This is where certification comes in.
Why is Certification Important?
- IoT has a huge and diverse landscape, and the industry needs scalability and consistency across large-scale IoT deployments.
- Independent security testing, like PSA Certified, ensures that products reach a certain security bar. This gives the industry a common language to rely on that others understand. It reduces the complexity when building devices, as you can filter out products that don’t match your requirements, reducing time-to-market and development cycles.
- As IoT security continues to hit the press headlines, the industry is seeing an increasing number of guidelines and local regulations coming into place. PSA Certified allows you to be ahead of the curve by adhering to good security protocols.
- To make decisions that will transform their operations, businesses need to be able to trust the data. That trust is what enables digital transformation.
Building on the Foundations of the Platform Security Architecture
PSA Certified builds on the foundations of the Platform Security Architecture (PSA), which was created to address the need for scalability and consistency across large-scale IoT deployments. PSA can be used by the entire ecosystem, no matter your job title.
PSA can be thought of as providing the recipe (architecture documents) and ingredients (open source code, threat models, development boards and models) to make security easier, no matter your level of security expertise. Through this approach, we are working with the electronics industry to make the development of trustworthy chips, firmware, software and devices more straightforward.
PSA Certified represents the fourth step, “Certify”, in the Platform Security Architecture framework:
- Analyze: Create a threat model to assess the risks to your system and to work out your security requirements.
- Architect: Use the PSA security architecture specifications to build in security and trust.
- Implement: Port the open source Trusted Firmware-M (TF-M) software to your hardware to form a PSA Root of Trust (PSA-RoT) or develop equivalent functionality using secure development processes. TF-M also offers a number of security functions and API examples which can help to build a consistent developer experience.
- Certify: Use PSA Certified and independent test lab evaluation to provide security assurance to your customers.
Three Progressive Levels of Certification
PSA Certified is the independent security evaluation scheme for PSA-based IoT chips, OS and devices. It aims to build trust for the IoT value chain that starts with a multi-level assurance program for chips containing a security domain called a Root of Trust (PSA-RoT). The multi-level assurance scheme helps device makers and businesses get the level of security they need for their use case, based on security requirements established during the analyze phase of PSA.
PSA Certified focuses on the common parts of IoT systems and the central role of the PSA-RoT in providing a trustworthy security domain. The security evaluation scheme can apply to many use cases and markets. It has been designed to be cost effective and fast to market, and it is available at multiple test labs providing global testing.
Two Types of Certification
PSA Functional API certification assesses API compliance with the PSA developer APIs.
Security certification has three progressive levels of security testing, with increasing robustness of testing.
The PSA architecture documents, developer APIs and PSA evaluation scheme are published as public documents. They have been designed to fit well with the needs of resource-constrained systems using microcontroller-based chips.
Building secure chips and devices for IoT is non-trivial. The documents, deliverables and testing scheme of PSA Certified have been designed to make the path easier, quicker and more affordable for the electronics industry. Chip vendors, RTOS companies and OEMs who have their products PSA Certified can showcase their solutions on this website and use PSA Certified trademarks and logos appropriately. You can request a trademark agreement here.