Five years ago, we established PSA Certified because we believed that if industry leaders united, we could break down the barriers that stopped some companies from adequately protecting their products from cyberattacks. Our four-step framework and independent evaluation scheme were developed to help them build the right level of security into their devices and assure their customers that they were following best practice.
In the years that have followed PSA Certified’s launch, the industry has responded to the initiative with this same spirit of cooperation. So, earlier this month, we decided it was time to reflect on what we’ve achieved together so far. We travelled to Nuremberg in Germany for the embedded world exhibition and conference, which is where PSA Certified began in 2019. There, we held our first meet-up with some of the companies that have adopted the scheme.
We welcomed colleagues from 20 companies for networking and conversation about the status of security in connected devices, and what’s changed in the five years. It was great to hear about the collective progress we’ve made, and the perspectives on the challenges we’re facing and what more we can do to address them. Check out the highlights reel from the show below!
We were also proud to announce that, five years on, there are more than 90 partners involved with PSA Certified and more than 200 devices have been assessed and certified as having met the relevant security requirements. The products range from microcontrollers to modules, gateways to platforms, and Root of Trust components.
PSA Certified: the Numbers
5
PSA Certified was launched five years ago
4
PSA Certified now has four levels of certification
200
The number of PSA Certified certifications issued under the scheme
178
Different PSA Certified products in the PSA Certified catalogue
91
PSA Certified partners with PSA Certified certifications – one of the fastest growing and valuable security ecosystems
9
The number of security-conscious companies that maintain PSA Certified in the weekly steering meetings
To achieve certification at one of four levels companies must demonstrate how they’re protecting their devices from the most common cyberattacks. If successful, the endorsement they receive highlights their commitment to security and it provides further evidence of the importance of partnerships to securing the Internet of Things.
In this case, software developers and device manufacturers can leverage and build on the expertise of the certifying company by choosing to use the components that have been independently assessed as having security built in.
Recognising Progress at Different Levels of Robustness
The PSA Certified Levels enable right-sized security for all different use cases. In fact, we’ve seen adoption at all PSA Certified levels in the last twelve months, and at Embedded World it was fantastic to recognise partners who have achieved new levels in the last twelve months. They included:
PSA Certified Level 1 – aligns with industry best practice and cybersecurity regulations.
- Texas Instruments achieved PSA Certified Level 1 for its MSPM0L122x and MSPM0L222x microcontrollers.
- ADLINK Technology Inc.’s ADLINK I-Pi SMARC IMX8M Plus computer-on-module was also certified at PSA Certified Level 1.
PSA Certified Level 2 Ready – pre-certification assessment for IP providers.
- PUFsecurity Corporation’s PUFcc crypto coprocessor IP is PSA Certified Level 2 Ready, according to the independent security evaluation laboratory, SGSBrightsight, which carried out the assessment. At PSA Certified Level 2 Ready, labs are looking at the chip’s Root of Trust (RoT), which is an important security component. You can learn more about PUFsecurity’s implementation of the RoT here.
PSA Certified Level 2 – protects against scalable, remote software attacks.
- Realtek’s RTL8722F, RTL8721DA, RTL8721DC, RTL8721DG series of communication controllers are the latest products to be awarded PSA Certified certification, this time at PSA Certified Level 2.
- Nordic Semiconductor’s nRF9160™ system-in-package nRF5340™ system-on-Chip also achieved PSA Certified Level 2 recognition.
PSA Certified Level 3 – protects high-value assets from significant software and hardware attacks.
- The STM32Trust TEE Secure Manager from STMicroelectronics is just the latest of its components to achieve certification. The PSA Certified Level 3 award was presented to the company during Embedded World, but we’d like to recognise STMicroelectronics for its ongoing commitment to security and the PSA Certified scheme. Another 11 of its STM32 products are certified at PSA Certified Level 1 or PSA Certified Level 3.
- NXP Semiconductors is another company that’s adopted PSA Certified across its families of products. The company currently has 17 PSA Certified certifications. The latest to be awarded are the LPC55S36 and the RW61x (RW612 & RW610) MCUs, which have achieved Level 3 status.
PSA Certified Level 3 Root of Trust Component – IP offers substantial protection from hardware and software attacks.
- Intrinsic ID, which is now part of Synopsys, is the world’s first IP vendor to be awarded Level 3 Root of Trust Component certification for its QuiddiKey® 300 hardware IP solution. It means the technology uses a Root of Trust to help it provide significant protection from hardware and software attacks. You can read more about Intrinsic ID’s approach to certification in our blog.
Introducing Something New: PSA Certified Level 4
Other developments, also announced at embedded world, included the addition of a fourth level of certification for PSA Certified, which was included in response to advances in artificial intelligence (AI).
At PSA Certified Level 4 iSE/SE, a secure enclave or secure element is used to safeguard AI models and data from sophisticated attacks. Infineon, a partner we’ve worked with from the outset of PSA Certified, is the first company to design for this new standard. Its PSOC™ Edge E8x MCU product family is currently being evaluated. Erik Wood, Senior Director, IoT Secure MCU Products at Infineon said in a recent media release:
Quote
In the age of AI, the risks of insecurity are immense and increasing. I’ve backed PSA Certified since launch and I am impressed by its success in uniting the technology ecosystem around the common goal of improving trust and security within the connected device ecosystem, while aligning to emerging government standards and legislation. The launch of PSA Certified Level 4 iSE/SE takes that one step further. With this new level, the electronics industry is better able to protect against the growing advancement of attack methods driven by the explosion of machine learning, generative AI and LLM.
Looking to the Future
Embedded World is an important event for us – not just because of the developments highlighted above but also because it gives us a chance to hear from our partners. This year, many people told us that they’re preparing for the new cybersecurity security laws and baseline requirements that are being introduced, in the UK and EU, in particular.
PSA Certified Level 1 helps companies align with the major security requirements worldwide, and we saw many examples of certified components that comply with those regulations at embedded world. It was a reminder of our partners’ proactive approach to securing connected devices and the progress we’ve made as an industry over the past five years.
We’d like to thank everyone who helped to make the event in Nuremberg a huge success. We look forward to meeting our partners and new collaborators in Germany again next year.
In the meantime, the conference may have ended, but we have a lot more security-focused content on the way. Keep in touch with us to learn more.