Certifications

EdgeLox security aligned with domain certifications and cybersecurity legislations

(Note that EdgeLox has not acquired these certifications formally, but has been closely following and aligning with them)

Cellular Telecommunications Industry Association (CTIA) IoT Security Certification

https://blog.rapid7.com/2018/08/28/lessons-and-takeaways-on-ctias-recently-released-iot-security-certification-program/

We are seeing more and more efforts put in place to form some third-party certification standards and structure. Government officials have proposed certification programs, such as Sen. Ed Markey’s Cyber Shield Act, and numerous agencies have also published standards and guidelines for IoT security.To expand on these efforts, the Cellular Telecommunications Industry Association (CTIA) recently announced a new cybersecurity certification program for cellular- and Wi-Fi-connected IoT devices

There are currently three defined categories in the CTIA certification program. Here is a high-leveloverview of those categories:

Category 1

  • Terms of services and privacy policies (must address end of security support)
  • Password management
  • Authentication
  • Access controls
  • Patch management
  • Software upgrades

Category 2 (Includes Category 1 criteria)

  • Audit log
  • Encryption of data in transit
  • Multi-factor authentication
  • Remote deactivation
  • Secure boot
  • Threat monitoring
  • IoT device identity

Category 3 (Includes Category 1 and Category 2 criteria)

  • Encryption of data at rest
  • Digital signature generation and validation
  • Tamper evidence
  • Design-in features

Cyber Shield Act – voluntary cybersecurity standards program for the Internet of Things (IoT)

https://blog.rapid7.com/2017/06/26/legislation-to-strengthen-iot-marketplace-transparency/

Legislation to Strengthen IoT Marketplace Transparency
We will be selectively going after specific recommendations of the Cyber Shield Act

National Institute of Standards and Technology (NIST) Cyber-Security Initiatives for IoT

https://www.nist.gov/itl/applied-cybersecurity/nist-initiatives-iot

We will be selectively going after specific recommendations of NIST