Secure Thingz announced Compliance Suite, a set of tools and training specifically targeted to provide embedded developers with a simplified path to building applications that are compliant with the European EN 303645, UK & Australian 13 Best Practices, and the evolving US Cybersecurity Improvement Act (NISTIR 8259).
Compliance is a challenge for every organization working in the fast-moving Internet of Things domain; given that most applications are unique, and that formal certification methodologies are both costly and time-consuming. To this end the IoT Security Foundation, a non-profit industry association, developed their IoT Security Compliance Framework, enabling organizations to build a self-certification methodology that meshes with the 13 Best Practices captured in the UK and European Secure by Design guidelines. The Compliance Suite from IAR Systems and Secure Thingz includes a set of development tools and Preconfigured Security Contexts that enables developers to rapidly implement core aspects of the guidelines, such as moving from passwords to certificate-based identification; the implementation of update policies; and the use of advanced device-specific security enclaves to protect provisioned information. Coupled with these tools is a set of training and support resources linking the functional requirements with the certification requirements identified in the IoT Security Foundation Compliance Questionnaire, ensuring a rapid implementation that meets international requirements.
Compliance is a great step towards formal 3rd party certification, such as Global Platform Security Evaluation Standard for IoT Platforms (SESIP), and the Arm PSA requirements. By implementing the IoT Security Foundation Compliance Framework, developers are aligning their organizations with the best-in-class methodologies, enabling them to achieve and surpass the evolving industry requirements.
The Compliance Suite from IAR Systems and Secure Thingz delivers a set of security development tools to extend the development toolchain IAR Embedded Workbench. The Suite includes the security development tool C-Trust, plus a set of Preconfigured Security Contexts for both mainstream microcontrollers and advanced security devices. It importantly also includes a suite of training covering secure implementation to achieve compliance and organizational vulnerability disclosure. More information about IAR Systems’ security offering is available at www.iar.com/security.
IAR Systems is participating in embedded world digital, March 1-5, 2021, to showcase its latest technology.