PSA Certified is providing a common language for the industry, allowing the entire value chain to work to the same requirements. The PSA Certified framework offers a standardized approach from initial IoT security design and implementation to security evaluation. It also provides a comprehensive set of free resources to help you build-in best practice security from the beginning of product development. Built by industry experts, it’s been adopted by a rapidly growing ecosystem of silicon vendors, system software providers and device manufacturers.
A Simple Four Step Process
The PSA Certified framework breaks down security design and implementation into a simple four-step process, reducing complexities and ensuring you build-in right-size security without excessive costs or increased time-to-market.
- Analyze: Analyze the threats that have the potential to compromise your device and generate a set of security requirements based on these risks. PSA Certified provides free, editable examples to help you develop a unique threat model for your product.
- Architect: Use your unique security requirements to identify and select components and specifications that allow you to architect the right level of security for your product.
- Implement: Implement the trusted components and firmware, making use of high-level APIs to build-in security and create an interface to the hardware Root of Trust (RoT).
- Certify: Following independent security evaluation, certify your device, system software platform or silicon and demonstrate your commitment to security best practice.
A Layered Approach to Security
PSA Certified takes a layered approach to IoT security offering certification for all components of a connected device, ensuring that each element has built-in security. Certifications are consumable meaning device manufacturers can leverage expertise from the value chain and build on certified silicon and software. PSA Certified status can also be reused with other security frameworks and evaluation schemes. For example device manufacturers can reuse their certificates to show mappings to regulations and silicon vendors can use their certificates to demonstrate they have a secure Root of Trust suitable for other certification schemes.
PSA Certified provides three levels of silicon security assurance to ensure right size security can be built into products. PSA Certified Level 1 is available for silicon, system software and endpoint device manufacturers, while PSA Certified Level 2 and PSA Certified Level 3 evaluate the silicon Root of Trust.
For silicon vendors, PSA Certified offers multi-level certification with increasing robustness focused on the silicon’s PSA Root of Trust.
For Software Providers
System software providers can showcase critical security principles with PSA Certified Level 1 and leverage security functions with APIs.
Join the Ecosystem That Is Revolutionizing Embedded Security
The PSA Certified ecosystem is changing IoT security, making security accessible to all. With a comprehensive security framework and layered approach to certification, the barrier to security is lowered and the whole ecosystem can align to a central anchor for all security functions – the PSA Root of Trust.