For inquiries about GlobalPlatform or website assistance, contact secretariat@globalplatform.org.

GlobalPlatform MCU Protection Profile simplifies IoT security & certification

Support any device based on a secure MCU that needs a Root of Trust and secure environment to protect applications’ critical assets

 07 February 2022 – GlobalPlatform, the standard for secure digital services and devices, has published a new protection profile for Microcontroller Units (MCUs) to help IoT component and device manufacturers to build, certify and launch secure technologies and services. The document is the latest update to GlobalPlatform’s Security Certification Program and defines a set of security objectives and requirements for an MCU to answer to a specific level of protection and robustness, so solution providers can effectively manage risk and demonstrate the trustworthiness of products in line with regulations.

“Adoption of MCU technology is growing rapidly in IoT as device makers and solution providers seek out increasingly flexible solutions that can deliver a set level of security,” said Gil Bernabeu, GlobalPlatform Technical Director. “By aligning our protection profile with Common Criteria EAL2+, GlobalPlatform is making it easier for solution providers to evaluate the security services available on a device to simplify the deployment of services.”

 

As the use of digital services continues to proliferate, the newly released PP will address the need for consistent and verifiable security. It offers a simple framework for:

  • Security laboratories to evaluate the security of MCU-based products, and validate conformance with security, regulatory and data protection mandates, such as the European Cybersecurity Act.
  • Silicon and MCU vendors to demonstrate their products are secure for use across all connected consumer device use cases and verticals.
  • Device manufacturers to determine the trustworthiness of components, and select a solution with the required features to protect apps and digital services on their devices.

The new protection profile is a generalization of GlobalPlatform’s current TEE protection profile, removing specific references to applications to cover other software types, such as operating systems and virtual machines. Additionally, other secure component technologies, such as Secure Elements and Trusted Execution Environments, can be added to an MCU to meet the specific security needs of a device.

“In expanding our work to support the evaluation of MCUs, GlobalPlatform is responding to the needs of a rapidly changing IoT ecosystem by offering a clear security benchmark against which manufacturers can build, labs can certify, and vendors can select devices,” added Gil.

The MCU Protection Profile builds on 10 years of GlobalPlatform work on security evaluation and certification. Learn more.

 

 

 

 

 

Back to Archive

If you are a media representative, analyst, or conference organizer with a question, please email us at: pressoffice@globalplatform.org

GlobalPlatform
Hey There!

It seems you are using an outdated browser, unfortunately this means that our website will not render properly for you. Update your browser to view this website correctly.

GOOGLE CHROME
DOWNLOAD
FIREFOX
DOWNLOAD
MICROSOFT EDGE
DOWNLOAD