Dear PSA JSA Members and PSA Certified partners,
When we launched PSA Certified in 2019, we had a mission to create a “Root of Trust for the World” and encourage security by design best practice. We wanted the chip industry to move to test lab-based evaluation of their RoT and to make the connected device maker’s life easier by reducing fragmentation of regional security requirements. Today, almost four years on, the PSA Certified ecosystem has built a successful security evaluation scheme, with 135 certifications published. Thank you especially, to all PSA JSA members for making this possible by creating the specifications and meeting weekly to continuously improve the scheme.
Of course, the success is bigger than the numbers show. Together, we have created the leading scheme for a System on Chip’s Root of Trust and moved the market from dysfunctional and fragmented situation, to become one where many of the World’s leading chip vendors are getting their chips evaluated at PSA Certified Level 1, PSA Certified Level 2 or PSA Certified Level 3.
PSA Certified’s early success was mostly in the microcontroller market. However, 2022 was a significant turning point where we saw growing interest from chip vendors for their applications processors (MPUs) to also become PSA Certified. In the last few weeks, I was pleased to see automotive solutions from Qualcomm and Digital TV chips from LG add new vendors and markets to the scheme. There is also a growing trend for Linux platforms such as Amazon’s Greengrass and Canonical’s Ubuntu to become PSA Certified and this will help device makers get products certified with minimum effort. This shows that PSA Certified is fast becoming a whole of market scheme, applying to any connected device.
The PSA JSA published new and updated resources last year, including SESIP profiles for the chip’s Root of Trust. This work enabled us to launch PSA Certified Level 2 + Secure Element bringing the worlds of on-chip TEE’s and Secure Elements together (either external or integrated SE). We look forward to seeing certifications later this year.
In 2022, we also launched a brand-new online PSA Certified Level 1 questionnaire, offering more support, guidance and examples, to aid developers fill in their responses. This format provides an “at a glance” way of seeing how the requirements relate to NIST and ETSI cybersecurity baseline requirements.
As we look ahead, we’re excited about what 2023 has in store. Along with celebrating four years of PSA Certified, we will continue to update and maintain the PSA Certified scheme. In particular, we will be updating PSA Certified Level 1 to include requirements from emerging law such as the European Cyber Resilience Act & RED.
Thank you for helping grow PSA Certified in 2022 and I look forward to working with you to create further success. I wish you a happy new year!