Secure Thingz, part of the IAR Systems Group, has teamed up with the IoT Security Foundation in the UK for a set of tools and training that give embedded developers with a simplified path to building secure applications for the Internet of Things (IoT).
The Compliance Suite helps developers produce systems that meet EN 303645, UK & Australian 13 Best Practices and the evolving US Cybersecurity Improvement Act (NISTIR 8259).
Most IoT applications are unique and formal certification methodologies can be costly and time consuming, so the IoT Security Foundation in Cambridge developed an IoT Security Compliance Framework. This enables organizations to build a self-certification methodology that meshes with the 13 Best Practices captured in UK and European Secure by Design guidelines. Secure Thingz is a founder member of the IoT Securoty Foundation.
The Compliance Suite from IAR Systems and Secure Thingz includes a set of development tools and Preconfigured Security Contexts that enables developers to rapidly implement core aspects of these guidelines, such as moving from passwords to certificate-based identification; the implementation of update policies; and the use of advanced device specific security enclaves to protect provisioned information. Coupled with these tools is a set of training and support resources linking the functional requirements with the certification requirements identified in the IoT Security Foundation Compliance Questionnaire, ensuring a rapid implementation that meets international requirements.
“We are excited to enable our customers to meet the best practice certification provided by the IoT Security Foundation Compliance Framework,” said Haydn Povey, CEO, Secure Thingz, aqcuired by Swedish development tool maker IAR Systems in 2018. “We believe that compliance with these best practices is critical in enabling IoT to be successful, in ensuring interoperability based on trust, and ensuring customer confidence.”
Compliance is a signficant step towards formal third party certification, such as Global Platform Security Evaluation Standard for IoT Platforms (SESIP), and the Arm PSA requirements. By implementing the IoT Security Foundation Compliance Framework, developers are aligning their organizations with the best-in-class methodologies, enabling them to achieve and surpass the evolving industry requirements.
“Helping the design community to implement good security for connected products is at the heart of the IoTSF’s mission and we are very pleased to see organizations such as IAR Systems and Secure Thingz embrace our Compliance Framework”, said John Moor, Managing Director of the IoT Security Foundation. ”The ability to link advanced development tools directly into the framework is a further boost that ensures developers can achieve robust security functionality, while enabling them to focus on their core application requirements.”
The Compliance Suite from IAR Systems and Secure Thingz delivers a set of security development tools to extend the development toolchain IAR Embedded Workbench. The Suite includes the security development tool C-Trust, plus a set of Preconfigured Security Contexts for both mainstream microcontrollers and advanced security devices. It importantly also includes a suite of training covering secure implementation to achieve compliance and organizational vulnerability disclosure.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.