Certified IoT components: the root of trust for a secure ...2019/07/12  · PSA Certified & SESIP...

Confidential © 2019 Brightsight PSA Certified China Kai-Fan Chang 9 th July 2019 Certified IoT components: the root of trust for a secure, compliant ecosystem

  • Confidential © 2019 Brightsight

    PSA Certified China

    Kai-Fan Chang

    9th July 2019

    Certified IoT components: the root of trust for a secure, compliant ecosystem

  • Confidential © 2019 Brightsight

    Solving Existing Security IoT Problems

    IoT (OEM) developers are experts on services and product execution, not on security

    Security providers of SW and HW need to differentiate themselves: gain visibility and recognition in the IoT ecosystem

    Lack of IoT product security comes at a price: hundreds of norms and regulations introduced around the world

  • Confidential © 2019 Brightsight

    EU certification landscape

    eIDAS = Digital Transactions

    GDPR = General Data Protection (Analog / Digital)

    e-Privacy regulation = Digital Privacy

    CSA = IoT Cyber security Trust Mark for devices

    NIS Directive = Cyber security for Critical Infrastructure

    e-Health Finance Industry 4.0 Government

    PSD2 MRD

    e-Invoicing

    CSA = Cyber security substantial and basic

    MiFID II

    BSPA, CSPN, CPA, etc.

    IEC 62443

    …Trade secrets directive Data Flow directive

  • Confidential © 2019 Brightsight

    Common requirements

    Core IoT Cybersecurity Capabilities Baseline

    Sector A

    Sector B

    Sector C

    Sector D

    Vertical A

    Vertical B

    Vertical C

    https://www.nist.gov/sites/default/files/documents/2019/02/01/final_core_iot_cybersecurity_capabilities_baseline_considerations.pdf

    https://www.enisa.europa.eu/publications/baseline-security-recommendations-for-iot

  • Confidential © 2019 Brightsight

    IoT Platforms certification

    IoT product

    Application Software

    IoT Platform

    IoT Platform (SW)

    IoT Platform (HW)

    Security expertise needed

    Number of evaluations

  • Confidential © 2019 Brightsight

    Embedded World 2019

  • Confidential © 2019 Brightsight

    https://www.psacertified.org/certified-products/

    20 out of 26 certificates from Brightsight

  • Confidential © 2019 Brightsight

    Success stories: Lierda & STM

    IoT Platform

    IoT Platform (SW)

    IoT Platform (HW)

    Certified RTOS TTS

    Certified Chip STM32 L5

    Making use of security functionalities provided by a certified chip

  • Confidential © 2019 Brightsight

    arm TechCon 2019

    We are looking for partners for PSA (L2) pilots!

    October 8-10, 2019 | San Jose Convention Center

  • Confidential © 2019 Brightsight

    Focus on devices with a PSA Root of Trust

    Any Architecture

    PSA Level 1 – whole SoC/SW/Device scope with a security questionnaire

    Has a Level 2 and a Level 3 PSA-RoT Protection Profile

    Compatible Levels with SESIP

    Working in GlobalPlatform

    PSA Certified & SESIP

    Flexible evaluation methodology

    Any target, any Architecture

    Accredited test lab based

    Bring your own Security Target

    Five assurance levels

    4 attack profiles

    Compatible levels with PSA Certified

    Working in GlobalPlatform

  • Confidential © 2019 Brightsight

    one solution to many problems

    Platforms Products

    Automotive

    Industrial

    Energy and infra

  • Confidential © 2019 Brightsight

    Kai-Fan Chang

    www.brightsight.com