Compliance Suite for STM32

Compliance Suite for STM32 includes security development tools and practical guidance, giving organizations a shrink-wrapped solution for meeting security legislation in IoT applications.

With new legislation for IoT security and privacy rapidly being introduced globally, complying with these regulations is a challenge for organizations and developers working with embedded applications. For your existing or new application, this means that it has to meet a new set of baseline standards. The good news is that we can help you to comply with the new regulations. Compliance Suite is what you need!

Overview video

Get an overview of the Compliance Suite for STM32 and the included software in this video.

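Ever-changing IoT security regulations

The consumer IoT security standard EN 303 645, which is based on the 13 best practice guidelines promoted by the IoT Security Foundation and the UK government, is widely known as a benchmark for consumer IoT security. Both the standard and the guidelines specify important security requirements that developers must meet in their applications. Compliance Suite enables you to rapidly build applications that have these critical requirements.

Compliance Suite enables you to rapidly build applications that have critical requirements.

As a founding member of the IoT Security Foundation, a non-profit organization working toward security excellence, Secure Thingz has been involved in creating best practices, compliance, and vulnerability disclosure for five years.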

 

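What are the 13 best practices?

  • Defined by the IoT Security Foundation
  • Adopted by the UK government
  • Adopted by the EU's ETSI EN 303 645
  • Supported by the US Cybersecurity Improvement Act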

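Using the 13 best practices

The preconfigured Security Contexts included in Compliance Suite address the broad requirements of the best practices.

The preconfigured Security Context defines the configuration of a trusted execution environment. This includes all the security and encryption settings needed to protect the application from threats such as IP theft, malware injection, unauthorized access, copying, and counterfeiting. With this innovative technology, developers can stay in control of their applications, now and in the future.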

Included in Compliance Suite

Tools

Compliance Suite for STM32 is specifically designed for applications based on the STM32 family of MCUs from STMicroelectronics. To use it, you need a license of IAR Embedded Workbench for Arm.

  • Preconfigured Security Context - Ensuring all necessary security and encryption are automatically included in your application
  • Secure Boot Manager - Securing the overall boot process to protect the device
  • C-Trust - Extension to IAR Embedded Workbench for Arm enabling secure, encrypted code
  • C-STAT - Static code analysis tool ensuring code quality

Supported devices: STM32F405, STM32F407, STM32F412, STM32F429, STM32F777, STM32L475, STM32L4R, STM32L4S5, STM32L5, STM32H725, STM32H735, STM32H743, STM32H753, STM32H7A3, STM32H7B3, STM32WB55

Practical guidance

Unique package of courses with hands-on guides led by Secure Thingz’ in-house security experts. Topics include:

  • Introduction to Embedded Security
  • Security Development Workflow
  • Legislation and Compliance Requirements
  • Meeting the IoT Security Foundation Compliance Framework

Practical guidance included

Unique package of courses with hands-on guides led by Secure Thingz’ in-house security experts. The package includes a full day of training, divided into different parts based on topic.

FAQ

Our most common questions about Compliance Suite.

What is Compliance Suite for STM32?

Compliance Suite has been created to enable a fast and easy on-ramp introduction to security based on Preconfigured Security Contexts, tools to get you started, and Practical Guidance in the form of an online training package.

The Security Context is built by Secure Thingz on your behalf, based on a high security requirement and customized to your company. A Secure Boot Manager will be provided as a binary file, as part of the Security Context, to be used in the development tool C-Trust enabling your application to be secure and encrypted.

How is the Practical Guidance training package delivered?

The package of courses is targeted at the security requirements demanded by EN 303 645 and the IoT Security Foundation Assurance framework, including a deep dive into the individual hardware and software component requirements.

The course package is delivered through the online IAR Academy platform. We have created a training package that you should be able to go through in a day, but you can also choose to split the learning over several days or sessions. The content is highly technical, and if you have questions, we are available to answer them.

Can the Security Context be used in production?

The Security Context in Compliance Suite should be seen as a first step and mainly for development purposes. While it can be used in production, we would recommend you take ownership of your own Security Context when going into production. For this, you need the additional product Embedded Trust.

Some critical context setups, such as Device Lockdown, are not configured in the default Security Context.

Can I replace the keys/certificates for my own PKI?

No - Customization of keys and certificates is not the purpose of Compliance Suite. The Security Contexts included in Compliance Suite are implemented to support the compliance requirement learning.

What is the precise device support for Compliance Suite for STM32?

The Compliance Suite for STM32 supports standard Root of Trust implementation on the following devices: STM32F405, STM32F407, STM32F412, STM32F429, STM32F777, STM32L475, STM32L4R, STM32L4S5, STM32L5, STM32H725, STM32H735, STM32H743, STM32H753, STM32H7A3, STM32H7B3, STM32WB55.

SFI technology is primarily utilized in mass secure provisioning and is not supported in Compliance Suite. We do have other options if you wish to use SFI; please reach out to us to discuss your needs!

Interested in buying Compliance Suite?

Fill out this form with your needs and requirements, and our sales team will contact you to guide you and give you a price offering tailored for your needs. We look forward to your request!
