Cybersecurity IoT Standards: SESIP vs. PSA Certified

12/12/2024

    In the rapidly expanding Internet of Things (IoT) landscape, ensuring robust security is paramount. Two prominent frameworks addressing this need are the Security Evaluation Standard for IoT Platforms (SESIP) and Platform Security Architecture (PSA) Certified. While both aim to streamline security evaluations and enhance trust, they cover distinct aspects of IoT product security. Used together, they give manufacturers practical routes to meeting diverse regulatory and industry-specific requirements. 

    Understanding SESIP and PSA Certified

    SESIP: Developed by GlobalPlatform and published in Europe as EN 17927, SESIP is a modular security evaluation methodology for IoT platforms that adapts the Common Criteria (ISO/IEC 15408) approach into a lighter-weight form. It is built around the reuse of certified components: a platform or subsystem evaluated once can be composed into many products without being re-evaluated, which reduces redundancy and streamlines evaluations. Its alignment with international standards such as ISO/IEC and with regional regulations makes it a versatile tool for compliance. 

    PSA Certified: Led by Arm together with a group of security evaluation laboratories, PSA Certified is a comprehensive security framework that builds security in from the design stage. It provides structured guidance for threat analysis, secure design, and independent evaluation. Level 1 is a questionnaire-based assessment reviewed by a laboratory; Levels 2, 3 and 4 are laboratory evaluations against SESIP protection profiles, so one evaluation serves both schemes. At Level 1, PSA Certified also addresses the fragmentation of IoT security standards by mapping its questionnaire to key global regulations. 

    Key Differences and Synergies between SESIP and PSA Certified

    The following table highlights the key differences and synergies: 

    • Focus. SESIP: modular evaluations of platforms and components. PSA Certified: comprehensive security of the whole IoT device, using SESIP profiles at its higher levels. 
    • Evaluation levels. SESIP: five assurance levels (SESIP 1 to 5) aligned with ISO/IEC standards. PSA Certified: four levels, from Level 1 (basic, questionnaire-based) to Level 4 (advanced, SESIP-based). 
    • Protection profiles. SESIP: industries can write their own profiles for their specific needs (for example, automotive). PSA Certified: only the PSA Certified profiles are accepted, covering the PSA Root of Trust for IoT chips. 
    • Certification synergy. SESIP: an independent scheme that aligns with global standards. PSA Certified: a Level 2 to 4 certification includes a SESIP certificate with no extra cost or testing. 
    • Market target. SESIP: broad, platform-based reuse. PSA Certified: holistic, device-level assurance for IoT products. 

    Market Target: Broad Platform-Based Reuse vs. Device-Level Assurance

    The market targets for SESIP and PSA Certified reflect their distinct approaches to IoT security, addressing different stages of the product lifecycle and catering to varied security needs. 

    SESIP: Broad Platform-Based Reuse

    SESIP is designed for IoT platforms and modules that serve as foundational building blocks for multiple devices. Its modular approach emphasizes component reuse, allowing manufacturers to certify core security features of platforms or subsystems and reuse these certifications across a wide range of end products. This makes SESIP particularly suited for: 

    • Chip and Platform Manufacturers: Certify their hardware or software platforms, enabling their customers to leverage certified components without duplicating evaluation efforts. 
    • Industrial IoT: Enables certification of shared components like sensors and communication modules, reducing redundancy across diverse implementations. 
    • Automotive and Other Specialized Industries: Aligns with standards like ISO/SAE 21434, supporting reuse in industries with shared component ecosystems and long product lifecycles. 

    PSA Certified: Holistic Device-Level Assurance for IoT Products

    PSA Certified provides comprehensive device-level security assurance, guiding manufacturers from the initial design phase to final product evaluation. It ensures that IoT devices, whether consumer-facing or industrial, meet robust security requirements. PSA Certified is ideal for: 

    • Consumer IoT Devices: Products like smart home appliances, connected lighting, and wearables require end-to-end security to protect user data and ensure device integrity. 
    • Edge Devices and Gateways: Critical interfaces between sensors and cloud services, requiring robust security to protect sensitive data. 
    • Connected Infrastructure: Applications in smart cities, healthcare, and transportation benefit from PSA Certified’s assurance of device-level security, reducing risks associated with scalable attacks. 

    Reducing Fragmentation of Standards and Legislation

    Fragmentation of standards and regulations is one of the biggest challenges in IoT security. PSA Certified Level 1 addresses this directly by mapping its questionnaire to major global guidelines and legislation, including ETSI EN 303 645, NISTIR 8259A and California's SB-327. PSA Certified is also tracking and aligning with emerging regulations such as the UK PSTI Act, the European Cyber Resilience Act (CRA), the Radio Equipment Directive (RED) cybersecurity requirements, IEC 62443-4-2 and CSA-311. 

    By maintaining alignment with current and upcoming standards, PSA Certified provides a flexible framework that reduces complexity and enhances regulatory adherence for IoT manufacturers. 

    Regulatory Compliance and Industry Adoption

    • Automotive Industry: SESIP is gaining traction as a reference evaluation standard in the automotive sector, aligning with industry-specific security requirements and supporting compliance with standards such as ISO/SAE 21434. 
    • Connected Lighting: The DesignLights Consortium recognizes PSA Certified as a foundational IoT security framework for the connected lighting industry, highlighting its role in enhancing security and compliance in this sector.  
    • IoT Manufacturers: PSA Certified simplifies compliance with global requirements, particularly at Level 1, by mapping to ETSI EN 303 645, NISTIR 8259A and SB-327.

    Synergies Between SESIP and PSA Certified 

    • SESIP Profiles in PSA Certified: PSA Certified evaluates Levels 2, 3 and 4 against SESIP protection profiles, so a product certified at those levels also receives a SESIP certificate without additional fees or testing. This removes duplicated evaluation effort and shortens time-to-market. 
    • Component Reuse and Efficiency: SESIP's modularity lets a certified platform be reused across products, while PSA Certified ensures a robust end-to-end approach at device level. Together, they give manufacturers cost-effective certification pathways.
    • Global Standardization: Both frameworks align with international standards such as ISO/IEC and ETSI, supporting regulatory compliance and broad market applicability.

    Conclusion 

    SESIP and PSA Certified are complementary frameworks that give IoT manufacturers efficient, cost-effective, and globally recognized security certification pathways. SESIP's modularity supports platform-based reuse and adapts flexibly to new market needs across industries, while PSA Certified ensures device-level security. Together, they reduce complexity, streamline compliance, and foster innovation and resilience in the IoT ecosystem, enabling manufacturers to meet diverse market and regulatory needs. 
