Getting Started with Security Design

The PSA Certified Framework

IoT security is constantly evolving, so PSA Certified continuously raises the bar of security, making sure the most common hacks are mitigated through a security framework for the IoT sector. Initially introduced by Arm in 2017 as the Platform Security Architecture, or PSA, it was designed to help developers build the right levels of security into connected IoT devices. It has since evolved into a four-step process. In 2019, Arm joined other industry leaders to form PSA Certified. The PSA Certified framework provides the “recipe” to design in best-practice security in four steps.



The first stage involves the analysis and identification of the security requirements for your specific use case. At this stage, we recommend a threat model is completed to establish the security requirements for the product or solution. PSA Certified provides examples of these in an editable format for IoT device makers.


With the security requirements defined, the security architecture should be considered. For device manufacturers, this may mean choosing a certified chip with the appropriate robustness for your use case. For silicon and software vendors, the PSA Certified founders have published a set of architecture specifications.


During the implement stage, PSA Certified components are integrated together. Application software and APIs are used to ensure communication with underlying security features within the silicon so that device manufacturers can leverage hardware security. For silicon and software vendors, ecosystem partners provide reference implementations including Trusted Firmware that supports the integration of PSA Functional APIs.


The final step is an independent security assessment by third-party evaluation labs. Certification is carried out for chips (providing three levels of robustness testing), system software platforms (assessing security best practices built upon a PSA Certified chip), and endpoint devices (assessing security best practices built upon a silicon Root of Trust). Read on to learn how certification can benefit your business.

How Certification Can Help Your Business

The PSA Certified 2021 Security Report found 85% would be interested in industry collaboration and cross-market knowledge sharing regarding IoT security. We are continuing to align and expand the security ecosystem. Whether you’re creating a certification that can be consumed by a device manufacturer or are a manufacturer using pre-certified silicon and software, independent certification builds trust, provides clear verification from a third-party evaluation lab, and offers a simple way to communicate security implementations and build customer confidence. This dramatically reduces security time and effort, moving the focus onto product functionality and innovation.

PSA Certified and the Root of Trust are widely acknowledged across the electronics industry by leaders driving business assurance at scale

Mapped to Regional Standards

PSA Certified is aligned to NIST and ETSI, with a mention of PSA Certified in the NIST cybersecurity requirements. This mapping enables scalable deployments and reduces the fragmentation of standards.

Supported by Key Industry Requirements

UL, ioXt, and DLC recognize PSA Certified as the foundational Root of Trust and recognize certifications in product evaluations. This further enhances device security for the whole IoT ecosystem.

Backed by Leading Cyber Insurance Companies

Backing from leading cyber insurance provider, Munich Re, provides business assurance and the backing to innovate.

PSA Certified represents a clear example of industry best practices for device security that insurers, such as Munich Re, can use to better understand and quantify cyber risk in IoT deployments and deliver business assurances at scale.
ioXt has selected PSA Certified as a foundational Root of Trust scheme and will recognize it in its product evaluations
UL will recognize PSA Certified as a fast-track for achieving UL’s Secure IoT Component Qualification

Mass adoption from the technology ecosystem is lowering the total cost of ownership

The PSA Certified framework provides a systematic approach to security that builds in security from the ground up, reducing troubleshooting and security patching after deployment.

Every part of the value chain (silicon, software, and endpoint device) is responsible for the specific security requirements for that component.

Certification enables informed decision-making for customers. Security is verified for each component, which allows security efforts to be consumed further up the value chain.

Consumer certifications to reduce time and effort

Framework built on security best practices

Recognized by UL and ioXt as a foundational Root of Trust

Third party certification increases customer confidence

Lower total cost of ownership of IoT devices

Mass adoption from the technology ecosystem

Reduced fragmentation of standards and regulations

Backed by leading insurance companies, providing assurance

Certification has benefits across the whole ecosystem from the silicon providers building in a Root of Trust to the end consumers who can trust that security has been considered in the products they use. This trust extends to insurance providers, government and end enterprises.


The PSA Certified name, PSA Certified logos, PSA Functional API Certified logo featured on this website are registered trademarks or trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights reserved. Other brands and names mentioned on this website may be the trademarks of their respective owners.

Copyright © 2021 Arm Limited (or its affiliates). All rights reserved.
