In today's highly interconnected world, the security capabilities of Internet of Things (IoT) devices are more critical than ever. As Industrial IoT (IIoT) and smart home technologies continue to advance, ensuring robust security design is essential to protect sensitive data and maintain user trust.
This article explores the vital certifications and standards that underpin the security of IIoT and Smart Home devices, including:
- Security Evaluation Standard for IoT Platforms (SESIP)
- Platform Security Architecture (PSA)
- Radio Equipment Directive (EU RED)
- Industrial Cybersecurity Standard (IEC 62443)
- Federal Information Processing Standards (FIPS 140-3)
By understanding and adhering to these certification and compliance requirements, developers can build secure, reliable and connected products that meet the highest security benchmarks.
1. SESIP
SESIP is a security evaluation methodology tailored for connected devices. The most relevant SESIP Assurance Levels for wireless products are SESIP-2 and SESIP-3.
SESIP Assurance Level 2
SESIP-2 provides a moderate level of assurance. This level involves black-box penetration testing, which is the highest level applicable to a closed-source platform. For example, IW610 is SESIP-2 Certified.
SESIP Assurance Level 3
SESIP-3 offers a substantial level of assurance. This level includes traditional white-box vulnerability analysis, structured around a time-limited source code analysis combined with a time-limited penetration testing effort. For example, RW612 is SESIP-3 Certified.
Relevance to IIoT and Smart Home
NXP, as a Wi-Fi / Bluetooth / 802.15.4 solutions provider, can showcase SESIP certification to demonstrate that its connectivity SoCs/IPs meet mandated security functional requirements (SFRs), such as secure boot and secure communication.
Device OEMs can reduce their product certification burden by reusing SESIP-certified components.
2. PSA by Arm
PSA Certified requires strict adherence to the Platform Security Architecture (PSA) as defined by Arm. PSA certification demonstrates robust software isolation, secure boot, cryptographic operations and resistance to basic attacks.
PSA Certified Level 2
PSA Level 2 provides protection against remote, scalable software attacks and is suitable for IoT devices that are unlikely to be under physical attack.
PSA Certified Level 3
PSA Level 3 offers protection against physical attacks as well as software attacks. This is ideal for devices that are at higher risk from multiple attack types, such as smart locks and payment systems.
How PSA Differs from SESIP
While PSA uses the SESIP evaluation methodology, the key difference is that PSA measures compliance with Arm's reference architecture, while SESIP is more flexible in defining the scope of security functions. In short, SESIP is the framework, while PSA is the branding/application from Arm.
PSA Certified Level 3 provides protection against physical attacks as well as software attacks, making it critical for applications such as smart locks, which are vulnerable to both attack types.
The RW612 Wireless MCU provides differentiated security compliance with both PSA Certified Level 3 and SESIP Level 3. Learn more about the RW612.
3. EU RED, Article 3 (d/e/f)
The Radio Equipment Directive (RED) specifies essential requirements for radio-enabled devices in the EU, particularly under Article 3(3), which focuses on cybersecurity, privacy and fraud prevention.
Starting from August 2025, the following mandatory requirements will be enforced:
| Article 3.3 (d): Network protection, aiming to prevent and mitigate attacks over the network | Article 3.3 (e): Privacy protection on all radio equipment capable of processing personal data | Article 3.3 (f): Fraud protection on internet-connected devices with money transfer capabilities |
|---|---|---|
| Access control | Access control | Access control |
| Authentication | Authentication | Authentication |
| Secure updates | Secure updates | Secure updates |
| Secure storage | Secure storage | Secure storage |
| Secure communication | Secure communication | Secure communication |
| Cryptographic key management | Cryptographic key management | Cryptographic key management |
| No known exploitable vulnerabilities | No known exploitable vulnerabilities | No known exploitable vulnerabilities |
| | Event logging | Event logging |
| Best practice cryptography | Best practice cryptography | Best practice cryptography |
| Configuration and documentation of network interfaces | Configuration and documentation of network interfaces | Configuration and documentation of network interfaces |
| Limit exposure of services via related network interfaces | Limit exposure of services via related network interfaces | Limit exposure of services via related network interfaces |
| Input validation | Input validation | Input validation |
| Resilience | Data erasing | Input validation |
| Traffic control | User notification | Equipment integrity |
These requirements aim to strengthen the cybersecurity attributes of radio equipment, providing better assurance and reliability and making devices safer for users and networks alike.
Conformance and Certification:
- Devices will need a conformity assessment (self-declaration or Notified Body (NB) involvement)
- Initial evaluation was based on Common Criteria or ETSI EN 303 645 and IEC 62443. EN 18031 is now the harmonized benchmark for EU RED compliance
- Connectivity solutions should support the security/cybersecurity capabilities needed by the OEM to meet RED Article 3(3)
4. IEC 62443
IEC 62443 is a multi-part standard for securing Industrial Automation and Control Systems (IACS), divided into parts for components, systems and organizational processes. Chip vendors can certify individual components to IEC 62443-4-2 through labs such as TÜV and DEKRA.
Relevance to IIoT/Smart Home:
- Critical Infrastructure: Becoming increasingly important for IIoT systems deployed in critical infrastructure (for example, smart energy, smart buildings)
- Connectivity Components: Wi-Fi, Bluetooth/BLE and IEEE 802.15.4 must support secure communication, authentication, firmware updates and logging features to comply with IEC 62443-4-2 at the system level
5. FIPS 140-3
FIPS 140-3 is the latest version of the Federal Information Processing Standards for cryptographic modules, succeeding FIPS 140-2.
- Enhanced security: FIPS 140-3 provides a standardized framework for cryptographic modules, ensuring the integrity, confidentiality and availability of sensitive information
- Trust and compliance: Organizations that comply with FIPS 140-3 can build trust with their customers and partners by demonstrating their commitment to high-security standards
Cryptographic Algorithm Validation Program (CAVP)
CAVP certifies individual cryptographic algorithms such as AES, SHA and ECC. It is a prerequisite for FIPS 140-3 certification. Chip vendors often pre-certify their cryptographic IP via CAVP before integrating it into a full module for CMVP certification.
Claiming FIPS Support
To claim FIPS support, a module must be listed in the NIST Cryptographic Module Validation Program (CMVP), which involves independent testing and lab submission.
Self-Tests for Customers
FIPS-compliant cryptographic libraries used in controllers (for example, Wi-Fi, Bluetooth/BLE, 802.15.4) perform self-tests on demand to verify integrity and correct cryptographic operations.
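The two FIPS mechanisms mentioned above, algorithm validation (CAVP) and module self-tests, share one pattern: each approved algorithm is exercised against a published known answer, the module image is integrity-checked, and a module that fails any test refuses to perform cryptographic operations until the tests pass. The following Python model is an added illustration of that pattern, not NXP's or any certified library's code. It uses only SHA-256 and HMAC-SHA256 from the standard library, with known-answer vectors taken from FIPS 180-4 and RFC 4231; the module image, the integrity key and the `CryptoModule` class are constructed for the example.

```python
"""Model of FIPS 140-3 style power-up and on-demand self-tests.

Added example (not NXP or any validated module's code). It shows
known-answer tests (KATs) for each approved algorithm, an integrity test
over the module image, and an error state that blocks all crypto use
after a failure, which is the behaviour the article describes.
"""
import hashlib
import hmac
from enum import Enum, auto

# Published known-answer vectors:
#   SHA-256("abc") from the FIPS 180-4 examples
#   HMAC-SHA256 test case 1 from RFC 4231 (key = 0x0b * 20, data "Hi There")
KNOWN_ANSWERS = {
    "SHA-256": (
        lambda: hashlib.sha256(b"abc").hexdigest(),
        "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
    ),
    "HMAC-SHA256": (
        lambda: hmac.new(b"\x0b" * 20, b"Hi There", hashlib.sha256).hexdigest(),
        "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7",
    ),
}

# Constructed stand-ins for the module's code image and the key used by the
# integrity test (hypothetical values; a real module keeps these in firmware).
INTEGRITY_KEY = b"example-module-integrity-key"
MODULE_IMAGE = b"\x7fELF" + b"example crypto library image v1.0"


def build_time_integrity_tag(image: bytes) -> str:
    """HMAC computed once at build time and stored beside the image."""
    return hmac.new(INTEGRITY_KEY, image, hashlib.sha256).hexdigest()


class State(Enum):
    POWER_UP = auto()      # no tests run yet, crypto not available
    OPERATIONAL = auto()   # all tests passed
    ERROR = auto()         # a test failed, crypto blocked until re-tested


class CryptoModule:
    def __init__(self, image: bytes, stored_tag: str, known_answers=KNOWN_ANSWERS):
        self.image = image
        self.stored_tag = stored_tag
        self.known_answers = known_answers
        self.state = State.POWER_UP
        self.results = {}  # test name -> bool, for logging/diagnostics

    def integrity_test(self) -> bool:
        """Recompute the HMAC over the loaded image and compare to the stored tag."""
        actual = hmac.new(INTEGRITY_KEY, self.image, hashlib.sha256).hexdigest()
        return hmac.compare_digest(actual, self.stored_tag)

    def run_self_tests(self) -> bool:
        """Run the integrity test and every KAT; callable at power-up or on demand.

        All tests are run (not short-circuited) so the results dictionary
        records exactly which check failed.
        """
        self.results = {"integrity": self.integrity_test()}
        for name, (compute, expected) in self.known_answers.items():
            self.results[name] = hmac.compare_digest(compute(), expected)
        passed = all(self.results.values())
        self.state = State.OPERATIONAL if passed else State.ERROR
        return passed

    def _require_operational(self) -> None:
        if self.state is not State.OPERATIONAL:
            raise RuntimeError(f"crypto unavailable: module state is {self.state.name}")

    def sha256(self, data: bytes) -> str:
        """Approved service; only available once self-tests have passed."""
        self._require_operational()
        return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    tag = build_time_integrity_tag(MODULE_IMAGE)
    module = CryptoModule(MODULE_IMAGE, tag)
    print("self-tests passed:", module.run_self_tests(), module.results)
    print("sha256:", module.sha256(b"hello"))
    tampered = CryptoModule(MODULE_IMAGE + b"\x00", tag)
    print("tampered image passes:", tampered.run_self_tests(), tampered.results)
```

The design choice worth noting is the error state: once any known-answer or integrity test fails, every service refuses to run until a fresh self-test passes. A library that merely logged the failure and carried on would give the controller firmware no way to distinguish a healthy module from a corrupted one.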
Conclusion
Understanding security certifications and standards is crucial for developing secure IIoT and smart home devices. These certifications not only bolster the security and reliability of connected products but also foster trust among consumers and stakeholders. As the IoT ecosystem continues to evolve, proactively staying ahead of security standards will be pivotal in safeguarding the future of connected technologies.