STM32Trust

Overview
Security functions
Security services
Security assurance
Standard & Regulation
Partners
Developer resources

Security standards and regulations are actively working on improving the security of IoT objects. Connected objects are both regulated by specific regional regulatory frameworks and their applicative contexts, a source of complexity for designers. A nonexhaustive list of main regulations is provided below. A deeper analysis is required depending on the project.

Banner image promoting whitepaper on choosing a microcontroller and Root of Trust certified SESIP level 3, with a 'Download whitepaper' button

Standard and regulation description

SESIP Security Evaluation Standard for IoT Platforms (SESIP), by GlobalPlatform, provides five trustworthy assessment steps to evaluate the security level of IoT devices.
PSA PSA Certified provides a comprehensive methodology to determine the level of security of IoT devices. PSA Certified is helping to unlock the possibilities of a connected world.
IoXT The mission of the ioXt Alliance is to build confidence in IoT products through multistakeholders, international, harmonized, and standardized security and privacy requirements, product compliance programs, and public transparency of those requirements and programs.
RED The radio equipment directive 2014/53/EU (RED) establishes a regulatory framework for placing radio equipment on the market. It ensures a single market for radio equipment by setting essential requirements for safety and health, electromagnetic compatibility, and the efficient use of the radio spectrum. It also provides the basis for further regulation, governing some additional aspects. These include technical features for the protection of privacy, personal data, and against fraud.
CRA The proposal for a regulation on cybersecurity requirements for products with digital elements, known as the Cyber Resilience Act, bolsters cybersecurity rules to ensure more secure hardware and software products.
CSA
    Cyber security Act
  1. Granting a permanent mandate to ENISA (European Union Agency for Network and Information Security); and
  2. Setting out a European cyber security certification framework for ICT (information and communications technology) products, services, and processes. The standard must be applied across the EU, starting June 28, 2021.
IEC 62443 The ISA/IEC 62443 series of standards define requirements and processes for implementing and maintaining electronically secure industrial automation and control systems (IACS). These standards set best practices for security and provide a way to assess the level of security performance. Their approach to the cybersecurity challenge is a holistic one, bridging the gap between operations and information technology as well as between process safety and cybersecurity.
EN 303 645 EN 303 645: The European Standard on connected device security

ST experts are taking all the necessary steps to make sure STM32Trust aligns with all the above standards and regulations in a timely manner. Please refer to the STM32Trust security assurance page to learn more.

Products

Search History

Bookmark

Please log in  to show your saved searches.