PSA Certified Level 1 for device manufacturers involves the evaluation of an IoT device to assess whether it adheres to security best practice. The assessment process was developed by industry-leading security experts. It is carried out via a questionnaire that covers the baseline security requirements needed to mitigate common threats, and the completed questionnaire is then reviewed by one of the PSA Certified evaluation labs.
Building-In Security: Where to Start
PSA Certified breaks down IoT security design and implementation into a simple four-step process, making it easier and quicker to embed best practice security into the heart of your device.
- Analyze: The first step is to analyze your product via a threat model to determine the relevant threat vectors and establish the level of robustness needed in your device. The PSA Certified founders provide three editable Threat Model and Security Analysis documents to guide you with your analysis.
- Architect: Using the output of your threat model, select components that allow you to architect in the right level of security for your device. PSA Certified’s multi-level silicon certifications allow you to easily choose a silicon chip with an appropriate level of security robustness.
- Implement: After selecting your silicon, you’ll need to select a system software provider, implement the trusted components and firmware, making use of high-level PSA Functional APIs to build in security, and create an interface to the hardware Root of Trust (RoT).
- Certify: Complete and submit your questionnaire for independent lab-based security evaluation and certify your device to demonstrate your commitment to security best practice. Your PSA Certified Level 1 device is then showcased on the PSA Certified website.
Independent IoT Security Assessment and Certification
The assessment for PSA Certified Level 1 is accomplished through a questionnaire followed by a review by an independent PSA Certified evaluation laboratory. The labs evaluate the security of a wide range of devices every day, bringing with them a wealth of experience and knowledge of many potential device threats. Certification results in a security audit and an evidence base to showcase your security investment.
You can also complete the security mapping in PSA Certified Level 1 for various important cybersecurity baselines such as NIST 8259A and ETSI EN 303645. These are contained in the PSA Certified Level 1 questionnaire appendices.
To complete your certification, you can choose an industry-leading evaluation lab and negotiate certification costs with the lab. For clarity on the program and certification process, enquire with the Certification Body, TrustCB.
Assessment Based on Key Security Principles
If you have implemented pre-certified silicon and a pre-certified software platform, the certification process is greatly reduced, and you only need to show evidence of a limited number of key processes and implementations. The device-level requirements for PSA Certified Level 1 are defined in the PSA Certified Level 1 questionnaire.