Critical security questions for chip vendors, OS providers and OEMs
PSA Certified Level 1 is a set of critical security questions that the developer should answer and review with a test laboratory. It has been designed in a composite style with three separate sections: one each for chip vendors, OS suppliers and OEMs. Level 1 derives its questions from the PSA Security Model goals and a library of IoT threat models. When filled out, it provides an evidence base that foundational security goals have been met. Since many attacks exploit basic vulnerabilities in a device, achieving Level 1 is an important step in improving IoT security. To help you get started, the Level 1 questionnaire is ready to download on the resources page.
Find out more about the PSA Security Model goals here.
The questions require written responses as evidence of how the chip, operating system or device meets the security requirements. Questions can have a response of “not applicable” or “partial” as well as “yes”, allowing for corner cases to be covered. For example, a disposable IoT device might not require update functionality, and therefore “not applicable” (N/A) might be selected with a written rationale.
Level 1 is scoped to the device or the platform SoC. It aims to catch common security issues through an assessment of security functions. The design of the questionnaire enables chip vendors, OS companies and device makers to download the questionnaire, fill it in and then contact a participating PSA Certified test lab for an interview-style assessment. It is anticipated that this will take less than one day.
The PSA Security Model describes ten goals of a secure system. If the test lab assesses that the written answers and interview are satisfactory (that is, they meet a required threshold), a digital certificate will be published on this website with a unique reference number. It is recommended that the digital certificate number is used in the chip's entity attestation token as its “HW version” claim.
PSA Certified Level 1 – Getting started
PSA Certified Level 1 uses a questionnaire with critical security questions. It has individual sections for the chip vendor, RTOS vendor and OEM. Fill it in for your chip, OS or product and take it to a test lab that is part of this program. You can find a list of participating test labs here.
The test lab you have selected will discuss your answers and evidence in an interview-style assessment. If the test lab considers the completed questionnaire and interview to be a “pass”, the lab will provide it to a scheme moderator to perform some double checks. Your product will then be given a unique reference by the lab, and a digital certificate will be added on this website.
The best way to get started on PSA Certified Level 1 is to download the questionnaire and the step-by-step guide.
To showcase your product in the Certified Products page, with a picture and brief description, please fill out this form.