How Does PSA Certified Level 3 Work?
The process starts with silicon vendors creating a hardware Root of Trust (PSA-RoT) that makes use of built-in security functions such as secure boot, secure storage, cryptographic services and attestation. Your chosen PSA Certified evaluation laboratory will evaluate your implementation of the PSA-RoT using vulnerability analysis and penetration testing to establish whether the PSA Certified Level 3 Protection Profile requirements have been met.
The test laboratory will use 35 days of white box evaluation to carry out vulnerability analysis and then penetration tests of the chip’s PSA-RoT.
Proven Substantial Protection from Software and Hardware Attacks
PSA Certified Level 3 offers increased robustness for OEMs building applications with high-value assets.
Establish Trust Based on Independent Third-party Evaluation
Build trust with customers through unbiased and independent evaluation of products.
Offering Flexibility with a Choice of Evaluation Methodology
We believe that choice is important, which is why we offer two protection profiles: SESIP or CSPN style.
PSA Certified Level 3 At a Glance
PSA Root of Trust
Security Functional Requirements
35 days* white box evaluation
*The elapsed calendar time may differ depending on available resources and interactions with the certification body. The 35 days of evaluation efforts include Security Target review, vulnerability assessment, test plan, testing and write-up of the Evaluation Technical Report.
Evaluation Methodology Choice for PSA Certified Level 3
At PSA Certified we recognise that choice is key. To reduce certification fragmentation and make it easier to adopt security certification we’re offering an additional evaluation methodology, which makes PSA Certified more extensible in other markets.
Silicon vendors carrying out PSA Certified Level 3 testing can choose one of two equivalent evaluation methodologies that provide the same level of assurance: either the PSA Certified Level 3 Lightweight Protection Profile (informal CSPN style) or the PSA Certified Level 3 GlobalPlatform SESIP Profile (more formal style).
Although written in different styles, they are designed to require the same features and the same level of security. Both should result in the test house performing the same testing. Both methodologies are assessed by the same team at the certification body, and both lead to the same PSA Certified certificate. Both documents outline the security requirements that will be evaluated by the evaluation lab.
For your first certification, the CSPN route is possibly simpler, as you do not need to use formal language. If you want to use your certificate in composition as part of a larger certification, you may want to choose the SESIP route.
PSA Certified Level 3 RoT Component
Showcase RoT components that provide substantial robustness and assurance, including protection from physical attacks, by aligning to a subset of the PSA Certified Level 3 requirements. This process uses the SESIP protection profiles and allows you to achieve an official PSA Certified certificate.