Security standards and regulations are actively working on improving the security of IoT objects. Connected objects are both regulated by specific regional regulatory frameworks and their applicative contexts, a source of complexity for designers. A nonexhaustive list of main regulations is provided below. A deeper analysis is required depending on the project.
Standard and regulation description
| SESIP | Security Evaluation Standard for IoT Platforms (SESIP), by GlobalPlatform, provides five trustworthy assessment steps to evaluate the security level of IoT devices. |
| PSA | PSA Certified provides a comprehensive methodology to determine the level of security of IoT devices. PSA Certified is helping to unlock the possibilities of a connected world. |
| IoXT | The mission of the ioXt Alliance is to build confidence in IoT products through multistakeholders, international, harmonized, and standardized security and privacy requirements, product compliance programs, and public transparency of those requirements and programs. |
| RED | The radio equipment directive 2014/53/EU (RED) establishes a regulatory framework for placing radio equipment on the market. It ensures a single market for radio equipment by setting essential requirements for safety and health, electromagnetic compatibility, and the efficient use of the radio spectrum. It also provides the basis for further regulation, governing some additional aspects. These include technical features for the protection of privacy, personal data, and against fraud. |
| CRA | The proposal for a regulation on cybersecurity requirements for products with digital elements, known as the Cyber Resilience Act, bolsters cybersecurity rules to ensure more secure hardware and software products. |
| CSA |
|
| IEC 62443 | The ISA/IEC 62443 series of standards define requirements and processes for implementing and maintaining electronically secure industrial automation and control systems (IACS). These standards set best practices for security and provide a way to assess the level of security performance. Their approach to the cybersecurity challenge is a holistic one, bridging the gap between operations and information technology as well as between process safety and cybersecurity. |
| EN 303 645 | EN 303 645: The European Standard on connected device security |
ST experts are taking all the necessary steps to make sure STM32Trust aligns with all the above standards and regulations in a timely manner. Please refer to the STM32Trust security assurance page to learn more.
