Arm Releases New Security Certifications for IoT Devices


The new multilevel hardware-based security certification for IoT devices is called PSA Certified.

Following the recent announcement of their Neoverse E1 and N1 platforms, Arm has released a new multi level hardware-based security certification for IoT devices. IoT security has been making headlines for all the wrong reasons as manufacturers continue to produce devices with gaping vulnerabilities. Cyberattacks using IoT device powered botnets are more and more common.

Kapersky Labs says that device-targeted malware attacks increased over 300% in 2018, causing monetary damage in the trillions. Arm’s goal is to give developers simple frameworks and resources that will encourage safer device development. Back in 2017, they introduced Platform Secure Architecture, and now they are launching PSA Certified, a brand-new certification layer for IoT devices.

See also: 4 predictions on blockchain and the “cyber arms race”

Its goal is to simplify the security process and provide developers with an independent authority to validate their apps. Brightsight, CAICT, Prove & Run, Riscure, and UL have partnered with Arm to establish testing protocols.

“PSA gave the industry a framework for standardizing the design of secure IoT devices, and PSA Certified brings together the leading global independent security testing labs to evaluate the implementation of these principles,” said Paul Williamson, vice president and general manager, Emerging Businesses Group, Arm. “This will enable trust in individual devices, in their data, and in the deployment of these devices at scale in IoT services, as we drive towards a world of a trillion connected devices.”

PSA Certified is made up of two elements, an API test suite and a multi-level security strength scheme. The testing is a third-party lab-based evaluation that independently checks parts of an IoT platform including the real-time OS, the device itself and the PSA Root of Trust (the integrity and confidentiality source).

There are three levels of security assurance that are assigned via analysis of threat vectors. After the testing, PSA Certified devices will receive electronically signed report cards to determine which level of security should be assigned, assisting businesses in their decision making and risk management.

So far Cypress, Express Logic, Microchip, Nordic Semiconductor, Nuvoton, NXP, STMicroelectronics and Silicon Labs have all achieved Level 1 certification. To find out more about PSA Certified and the multiple independent test labs available, please visit:

Sue Walsh

About Sue Walsh

Sue Walsh is News Writer for RTInsights, and a freelance writer and social media manager living in New York City. Her specialties include tech, security and e-commerce. You can follow her on Twitter at @girlfridaygeek.

Leave a Reply