PSA Certified

The Certification Program

The fourth and final stage of the PSA Certified framework enables you to test your products before they reach the market and demonstrate that commitment to security to your customers. IoT chipsets and devices are tested in independent laboratories to evaluate their level of security (you cannot self-certify). It focuses on the security requirements of the generic parts of IoT products and combines this with a multi-level evaluation scheme. This ensures IoT products are built to a consistent set of security principles. Additional security features can be assessed for products requiring additional measures.

A Multi-Level Security Certification Program

The multi-level assurance scheme recognizes that your security requirements will stem from your analysis of the threats to your device (for more information on this, please review stage 1, Analyze) and helps you ensure you have the right level of security built in. There are three progressive levels of security certification:

PSA Certified Level 1

  • Assesses security principles-based design using a security questionnaire
  • Applicable to chip vendors, system software providers and device manufacturers
  • Methodically developed using IoT threat models, security goals and key government and industry regulations and standards from around the world
  • Concise questionnaire - less than 50 questions, followed by a review by a laboratory
  • Composite format with separate sections for chip, OS and device

PSA Certified Level 2

  • Lab-based evaluation of a chip's PSA Root of Trust security component
  • Provides evidence of protection against scalable, remote software attacks
  • Applicable to chip vendors
  • Implementation agnostic - based on PSA Certified Level 2 PSA-RoT Protection Profile
  • Evaluation time is less than 25 days, so it is time-efficient and affordable
  • PSA Certified Level 2 Ready pre-certification available for hardware, software and chip vendors to show adherence to some of the PSA Certified Level 2 requirements

PSA Certified Level 3

  • Lab-based evaluation of a chip's PSA Root of Trust
  • Demonstrate substantial security assurance and robustness
  • Provides evidence of protection against physical and software attacks

PSA Functional API Certification

PSA Functional API Certification is a separate certification that demonstrates that the APIs are available and are being used correctly. Silicon and system software vendors can pursue certification to show their products maintain best practice in this area.

Getting Certified

PSA Certified provides security assurance for the whole IoT ecosystem.