Close Search

PSA Certified Level 1

Assessing security principles-based design for IoT products

Since most Internet of Things (IoT) attacks exploit the most basic vulnerabilities, a baseline of security is required to build a foundation of security for the IoT.

PSA Certified Level 1 provides independent assurance of security best practice for IoT products, assessing chips, RTOS and IoT devices. This assessment provides an audit and evidence that security best practice has been implemented into a product.

The assessment is carried out through a self-completed questionnaire containing a set of critical security questions, followed by a laboratory review. These ensure that products have been developed with a security principles-based design.

The questionnaire is provided in a layered format for the different components of a device, with separate section for chip, OS and device.

Products passing PSA Certified Level 1 gain a quality marker showing they have essential security capabilities and provide a level of trust.

 

Creating the PSA Certified Level 1 Questionnaire

The PSA Certified Level 1 was methodically developed from an evidence base using IoT threat models, the PSA Security Model document and government guidelines and requirements. These inputs create a unique approach to IoT security, ensuring a solid, foundation of security requirements are assessed.

PSA Certified Level 1 was developed using three inputs: IoT threat models, security best practice and government regulations
PSA Certified Level 1 was developed using three inputs: IoT threat models, security best practice and government regulations

Worldwide Adherence to Regulations

Recently, new IoT standards and government-backed requirements have emerged for the IoT market. While these are important to set clear security fundamentals for all connected products, they put the responsibility onto the manufacturers and unearth a further challenge for companies looking to create products that can scale globally.

With new regulations emerging, it can be difficult navigating global requirements
With new regulations emerging, it can be difficult navigating global requirements

PSA Certified has carried out a security mapping to ensure that products using version 2 of the PSA Certified Level 1 questionnaire align with the latest regulations. This makes it easier for chip makers, software platforms and device manufacturers to navigate a confusing market and develop products that are applicable to the world’s biggest markets.

Mappings are provided for ETSI 303 645, NIST 8259v2 and Californian State Law SB-327.

The PSA Certified Level 1 version 2.0 questionnaire is mapped to ETSI, NIST and Californian State Law requirements
The PSA Certified Level 1 version 2.0 questionnaire is mapped to ETSI, NIST and Californian State Law requirements

Next Steps

Find PSA Certified Level 1 resources including the questionnaire and step-by-step guide

Get Started