The assessment has been conducted by the independent security lab, Brightsight, which is fully licensed by TrustCB, a commercial Certification Body specialiSing in certifying IoT security products.
SESIP defines a standard for independent certification of the security of IoT devices. End users can rely on devices’ independently audited security claims, while device developers can cost-effectively meet their customers’ security requirements by using pre-certified components.
Secure Thingz’ Secure Boot Manager (SBM) is a secure bootloader for microcontrollers, which delivers a set of core features including the implementation of a formal Root of Trust plus robust lock-down of the device, provisioning and management of cryptographic keys, and fully authenticated loading of applications, patches and updates.
The SBM is implemented dynamically based on developers’ decisions and device-specific functionality. It is a component of C-Trust, implementing secure development into the development toolchain IAR Embedded Workbench, and the Security from Inception Suite, providing a unique set of tools and services for implementing and customizing security in embedded applications.
Independent security audit and certification of IoT devices help operators to manage cyber risks through procurement policies, insurance, and improved visibility into supplier security claims. Certification is also critical when it comes to demonstrating compliance with emerging legislation and regulatory frameworks. The SESIP certification looks to provide a framework for compliance covering many best-practices guidelines and regulatory requirements, including the US (NIST) NISTIR 8259 recommendations, the EU (ETSI) EN303645 European Standards, the UK regulatory proposals for Consumer IoT security, plus the Oregon and California (SL-327) IoT security and data collection laws.
“We are very pleased to have our capability confirmed by this certification for the Secure Boot Manager,” said Haydn Povey, CEO, Secure Thingz. “The certification of low-level software components in an embedded system is a critical step in enabling security in the IoT to become truly scalable, and the ability to harness this within a tools-based environment ensures that thousands of developers can quickly and easily implement secure products to meet the upcoming legislative challenges.”