Following the first birthday of the PSA Certified assurance scheme, the PSA Certified founders felt it was the perfect time to reflect on some of our key achievements in the last twelve months and exciting updates surrounding the PSA Certified program. In this blog we will touch on new government standards and regulatory alignment with PSA Certified Level 1, the wave of world-leading silicon providers achieving PSA Certified Level 2, plus critical momentum we’ve seen from device manufacturers embracing their role in security for digital transformation.
This means that when a PSA Certified partner (a silicon supplier, software provider or device manufacturer) achieves PSA Certified Level 1 their security efforts can be recognized more widely and shown to be in alignment with some of the world’s biggest markets, allowing them to focus on product differentiation. We believe this will help the ecosystem to navigate confusion around historically fragmented security requirements.
Delivering on Our Promise: Establishing Globally Recognized
IoT Security Best Practice
The foundation of PSA Certified (PSA Certified Level 1) offers a questionnaire which is filled in by the partner and checked by a PSA Certified test lab. The PSA Certified Level 1 questions were originally methodically derived from analyzing threat models of common IoT products and establishing 10 key security goals. For the new PSA Certified Level 1 2020 questionnaire we have aligned wording and provided mappings to the aforementioned global IoT security standards, government requirements and emerging law. This makes it easier for chip makers, software platforms and device manufacturers to show globally recognized best practice.
Many partners have already pledged support for the PSA Certified Level 1 2020 questionnaire, including Renesas who are using it for their latest certifications. We expect many other partners to adopt the questionnaire very soon. If you’d like to learn more about the 2020 questionnaire, read our blog.
PSA Certified: The Fastest Growing Security Scheme
We’re only a year into the existence of the certification scheme, but we’re already seeing significant momentum with the program – in fact we believe it has the broadest support in the ecosystem from silicon and RTOS vendors, backed by great adoption rates.
Silicon Momentum Continues: PSA Certified Level 1
Following on from our initial certifications last year, the momentum behind PSA Certified Level 1 is growing. We now have certifications from eight out of the ten top silicon providers at PSA Certified Level 1, with new certifications from Nordic, Renesas, UNISOC and Winbond. Level 1 is also growing in popularity with software platform providers and device makers who use the questionnaire to demonstrate security by design and mappings to other standards, requirements and regulation.
PSA Certified Level 1: Critical Uptake from Device Manufacturers and Ecosystem Players
Security doesn’t stop at the silicon level, in fact, to truly deliver trusted insights, it is critical that security is layered through the whole device from the ground up. It’s encouraging to see that PSA Certified has had significant uptake with device manufacturers (known as OEMs), thanks to PSA Certified offering best practice assurance, lower total cost of ownership, lower risk and regulatory alignment across geographies. Since the launch of the scheme, we’ve had certifications from Security Platform Inc and Qinglianyun. Embedded Planet, Sigma Delta Technologies Inc. (SDT), Veridify are also committed to PSA Certified Level 1 and they are in the lab at present. Plus certifications from other key ecosystem players such as NXM Labs, RTThread and Zephyr Project by Linaro.
Protecting Against Scalable Software Attacks: PSA Certified Level 2
Certified Level 2 follows on from Level 1 by adding 25 days of
security evaluation of the Root of Trust (PSA-RoT) in a test lab (see
the PSA Certified
Level 2 Protection Profile for details on the evaluation). The
purpose of Level 2 is to provide independent assessment that the
PSA-RoT meets nine security requirements expected from this
sub-system and that it can protect against scalable software attacks
that are the common baseline threat for IoT. It
represents significant dedication to security, where the chip vendor
needs to provide evidence of protecting against scalable, remote
After announcing the availability of PSA Certified Level 2 at Arm TechCon, we have commitment from several of the key silicon vendors. STMicroelectronics has already achieved certification with their STM32L5 family. At the time of writing there were six more major chip vendors with products being evaluated at the labs: Cypress, Microchip, NXP, Nuvoton, Renesas and UNISOC have also committed to PSA Certified Level 2 and are currently in the lab expected to achieve certification in the near future.
Pre-certification for FPGA and test-chips: PSA Certified Level 2 Ready
We also recently announced PSA Certified Level 2 Ready, which reflects the fact that everyone has unique requirements in the security space. PSA Certified Level 2 Ready is a pre-certification assessment for development systems which have made significant investment in security, but with waivers for things like JTAG access and non-secure boot, which are often necessary to omit during the development phase and then enable in production. By achieving PSA Certified Level 2 Ready, partners can speed to route to the more comprehensive PSA Certified Level 2 certification for the mass production products. Several companies have completed the PSA Certified Level 2 Ready pre-certification step and received their Evaluation Technical Reports including Winbond, Arm China and Arm.
PSA Certified APIs & PSA Certified Functional API Certification: Smoothing the Route to Market
As we all know, for security to be scalable, hardware and software need to come together harmoniously. We are seeing continued momentum across the industry with a number of key partners adopting the PSA Functional APIs, smoothing the route to market whilst reducing development time and cost. The support for the key security functions spans across silicon, RTOS and middleware vendors.
The PSA Certified Functional API Certification represents that developers have correctly implemented mechanisms to access the critical, complex security features that change from chip-to-chip. NXM Labs, RTThread, STMicroelectronics, Winbond and Zephyr Project have achieved PSA Certified Functional API Certification since the launch last year.
It Takes an Ecosystem to Secure the IoT
Watch This Space
We’ve had an exciting year which is a reflection of hard work from both the PSA Certified founding members and the lead partners. This year we’re expecting more momentum with the program as more partners join PSA Certified. Together we will make the Internet of Things a more secure, smarter place.
Find out how PSA Certified can help you to gain security assurance faster.