What are the PSA Certified Levels?
The PSA Certified framework and certification program guides you to security best practice and enables device makers to choose a chip with the appropriate level of security assurance and robustness for their market.
- PSA Certified Level 1 is for device, software and chip vendors who want to demonstrate that good security principles have been applied
- PSA Certified Level 2 is for chip vendors who want to use independent testing to show that their PSA Root of Trust (PSA-RoT) security component can protect against software attacks
- PSA Certified Level 3 is for chip vendors who want to provide evidence that the PSA-RoT protects against substantial hardware and software attacks.
- PSA Certified Level 2 + Secure Element is an additional PSA Certified certification which recognizes solutions that also have substantial physical protection for the cryptographic keys and cryptographic operations.
- PSA Certified Level 2 or PSA Certified Level 3 RoT Component is a certification for IP components that cannot complete a full certification.
How Does My Company or Product Become PSA Certified?
To become PSA Certified you first need to select a PSA Certified evaluation laboratory. Each PSA Certified lab set their own pricing structure, so it’s recommended to speak to a couple of a different labs to get quotes. From there, the process looks a little bit different depending on which PSA Certified level you’re aiming for, and what type of product you are responsible for. For PSA Certified Level 1, you will be expected to fill in the PSA Certified Level 1 questionnaire and then get a lab to review and feedback. For any of the other levels, the product will need to have vulnerability assessment in the lab.
There is more information in the sections below which describes the testing for different types of organizations.