PSA Certified has a three-tiered model of assurance, which goes from ensuring good practices have been followed to deep evaluations with state-of-the-art software and hardware attacks.
PSA Certified helps device manufacturers to choose the appropriate level of security assurance and robustness for their product (including its chip and software), according to their market needs and its use case.
Applus+ Laboratories is a member of PSA Certified, and an accredited lab for evaluating IoT products to get PSA Certified. We can provide services for the three levels to device manufacturers, software developers and silicon vendors.
PSA Certified Level 1 is for device, software and chip vendors
who want to demonstrate that good security principles have been applied.
- It is based on an independent security assessment that reviews security implementations.
- In order to help reducing fragmentation, PSA Certified Level 1 aligns with major global guidelines and legislations including ETSI EN 303 645, NIST 8259A, and Californian State Law SB-327.
- Reuse Certifications for Market-Specific Standards: PSA Certified Level 1 certification can be reused in other industry certification schemes, enabling alignment with end market and vertical applications. IoXt Alliance and UL recognize PSA Root of trust as a way to obtain a fast-tracked certification.
PSA Certified Level 2 is for chip vendors
who want to use independent testing to show that their PSA-RoT security component can protect against scalable, remote software attacks.
- Provides security assurance suitable for many mass-market IoT solutions, backed by an independent laboratory evaluation.
- Evaluation takes less time (and has a lower cost) than PSA Certified Level 3, a factor that may be key in the product development schedule.
PSA Certified Level 3 is for chip vendors
who want to provide evidence that the PSA-RoT protects against substantial hardware and software attacks.
- This higher level is aimed at IoT solutions that must protect high-value assets; solutions particularly susceptible to attack due to potential economic gain or brand damage; solutions that are physically accessible and thus require protection against hardware attacks.
- Our laboratory will conduct a white-box evaluation that includes vulnerability analysis and pentesting.
- Protection Profile: PSA-RoT Level 3 Protection Profile or PSA-RoT Level 3 SESIP Profile.