Analyze: Identify Right-Size Security for your IoT Product
Understand the assets, threats, and counter-measures needed for your specific product, and embed security into every element and process during product development.
Threat Modeling and the PSA Certified Security Model help you create products with right-size security, and ensure you aren’t over-spending on security nor exposing your device, organization or customers to unnecessary risk.
Follow the Threat Modeling Process
- Review the operating environment of your IoT product
- Assess the various ways the device could be attacked
- Highlight critical issues that should be addressed to ensure your product is built with the right level of robustness
The outcome: A Threat Model and Security Analysis document
The PSA Certified ecosystem has provided threat model and security analysis (TMSA) documents for three use cases. These editable documents follow a systematic process for threat modeling.
A device manufacturer can download these examples and use them to create a threat model and security analysis document for their own specific use case.
Align to the PSA Certified 10 Security Goals
Alongside use case-specific requirements, PSA Certified outlines top-level requirements for IoT products, sharing 10 Security Goals that should be implemented and considered in all IoT components. These are outlined in the PSA Certified Security Model.
The PSA Certified founders have provided the Security Model and TMSA documents.
Three published example Threat Model and Security Analysis (TMSA) documents are currently available, these can be downloaded and adapted for new use cases.