Hardware security is crucial for providing robust protection for sensitive data in our increasingly interconnected environment. Relying solely on software protection is insufficient to prevent the rising threats of remote cyberattacks.
For more details on how Winbond can help secure your supply chain and simplify compliance, visit Winbond's website, contact Winbond directly, or download the latest Hardware Security White Paper.
As the demand for secure and efficient embedded solutions continues to grow, manufacturers are integrating secure subsystems into System-on-Chip (SoC) architectures. Engineers, security architects, systems architects, and product developers working on embedded security, secure elements (SE), SIM cards, and hardware security modules (HSMs) for 5G connected devices, such as smartphones, IoT devices, and automotive systems, need to understand Protection Profile 0117 (PP0117). This article explains how PP0117 establishes the security framework for integrating secure subsystems into SoCs, highlights its differences from PP0084, and discusses its endorsement by the GSMA, the global authority on mobile security.

What is a protection profile?

A Protection Profile (PP) is a Common Criteria document that defines an implementation-independent set of security requirements for a class of products, standardizing how their security mechanisms, in hardware and software, are developed, integrated, and evaluated. PP0117 was written specifically to define the security requirements for secure subsystems integrated into SoCs, such as embedded SIMs (eSIMs) and secure elements (SEs).

Before PP0117, Protection Profile PP0084 was widely used for stand-alone security components such as SIM cards and secure elements. Integrating these components directly into SoCs presents new challenges that PP0084 does not address, such as defining security boundaries within complex chip architectures. PP0117 was developed to overcome these challenges and ensure strong security for integrated secure elements (iSE) in SoCs.

Introduction

Protection Profile 0117 (PP0117) is a protection profile designed to facilitate the integration of a secure subsystem (3S) into large-scale System on Chip (SoC) architectures. Prior to PP0117, Protection Profile PP0084 was used to evaluate stand-alone security components such as secure elements (SE) and SIM cards.
However, when the logical functions of an SE or similar device are integrated into a larger SoC, the implementation constraints render some of the methods and requirements of PP0084 obsolete. The Secure Sub-System in System-on-Chip (3S in SoC) Protection Profile was developed to address the security of integrated solutions and to give the industry a unified set of clear, assessable security requirements.

The PP was developed under the Eurosmart association by its technical committee members, including developers, evaluation laboratories (ITSEFs), and certification bodies. The certification body selected for PP0117 is the German Bundesamt für Sicherheit in der Informationstechnik (BSI).

PP0084 vs PP0117 based designs

PP0084, originally written for discrete security elements such as SIM cards and smart card chips, assumes a physically isolated security boundary with strict interface protocols. By contrast, PP0117 adapts the security requirements to secure elements integrated into SoCs, with their complex internal and external interfaces. The key differences are summarized in the comparison table.

[Comparison table of PP0084 and PP0117 based designs; credit: Winbond]

PP0117 ensures that integrated secure elements maintain the same level of security as stand-alone secure elements while adapting the requirements to the realities of SoC design.

Several major differences must be considered when designing and evaluating a secure subsystem in a large SoC as opposed to a stand-alone secure controller. The most notable arise from process constraints in device fabrication, such as the absence of embedded non-volatile storage, and from the difficulty of defining security boundaries. Evaluating an integrated secure subsystem is also more complex than evaluating a stand-alone device, because the integrated subsystem shares numerous interfaces with the rest of the SoC, whereas a stand-alone device has a limited pinout and strict interface protocols.
Consequently, all parties involved in the design, fabrication, evaluation, and use of such secure subsystems must follow a more comprehensive set of guidelines, as outlined by PP0117.

A standard SE or eSIM comes in a small, low-pin-count package. For security evaluation, this packaged device constitutes the Target of Evaluation (TOE), and evaluating it is relatively straightforward because of its limited connectivity and interfacing options. In a large SoC, however, most if not all of the secure subsystem's interfaces are internal to the die and seldom externalized. There may also be interfaces that a stand-alone security device does not have, such as memory interfaces, debug interfaces, system bus interfaces, and those used for more advanced functions. PP0117 guides the development and evaluation of integrated secure functionality by defining the requirements for such interfaces and the methods used to assess their security.

PP0117 version 2 and GSMA endorsement

The GSMA (GSM Association) is the global organization that sets security standards for mobile network security, SIM technology, and the eUICC (embedded SIM). In 2024, GSMA endorsed PP0117 as the security framework for integrated eUICC (embedded Universal Integrated Circuit Card) implementations.

GSMA recently published the eUICC (embedded SIM) Protection Profile V2.0. It allows both discrete eUICC and integrated TRE (Tamper Resistant Element) implementations of the embedded SIM/UICC, and it references PP0117 for integrated solutions on top of PP0084 for the baseline eUICC requirements.
GSMA's support for integrated secure subsystems that implement SIM/UICC capabilities enables a higher level of functional integration of handsets and IoT devices into the SoC.

Major PP0117 use cases

The most notable use case of PP0117 is the integration of SIM card functionality into SoC devices. SIM integration is taking place in two major verticals: connected IoT devices and mobile phones.

1) Integrated SIM

In mobile phones, the main SoC integrates as many logical functions as possible. This reduces power consumption, lowers cost, minimizes board space, and enables new functionality. Since a SIM card is essentially a simple microcontroller with non-volatile storage for code and data, its integration into the larger SoC appears inevitable. In connected IoT controllers, most if not all of the system's functionality, including RF, baseband, and application processors, is integrated into a single device. Implementing an integrated SIM in such a device optimizes the overall cost structure, a benefit that typically reaches the end customer.

2) Integrated Secure Element

Another use case is the integration of secure elements into the mobile phone's SoC. These secure elements handle critical functions such as mobile payments, electronic ID, biometric user authentication, and operating system security. Almost all modern smartphones have at least one secure element; the exception is China, where a secure element is not mandatory for mobile payments. Mid- to high-range phones incorporate two secure elements, one for embedded SIM (eSIM) functionality and another for mobile payment and related features.
Embedding these elements into the SoC can notably reduce the bill of materials (BOM) cost of the phone, since discrete secure elements at times represent a significant portion of the total BOM.

3) Automotive

The hardware security module (HSM) used in automotive subsystems is another application of PP0117-based secure subsystems. Such HSMs protect resources such as V2X networks, driver-sensitive information, and vendor assets.

In the PC and server ecosystem, security modules integrated into the main SoC protect against cyberattacks, for example through boot protection and secure software update.

Another emerging use case is supply chain protection, where the secure subsystem authenticates the hardware at every stage of the system life cycle.

In all these use cases, incorporating the secure logic directly into the main SoC is a practical decision from a production cost perspective, since compared with the rest of the SoC logic the secure subsystem requires only a minimal amount of logic and die area.

Main methodology and evaluation concept

The Protection Profile and all gathered information were compiled into a single working document, which was then provided to the evaluator for conversion into the Common Criteria definition methodology. Several constraints were defined:

A. PP0117-based designs should be strictly conformant to the Security IC Platform Protection Profile (PP0084). This constraint ensures that developers whose upper layers (software and applets) require a composite evaluation against PP0084 do not have to manage two separate evaluation processes.

B. The Protection Profile must comply with the EUCC methodology so that it can be accepted by the new European scheme.

C. The Protection Profile must be aligned with external entities that use or reference PP0084, or that plan to use the new Protection Profile in a composite evaluation with their own layers or components.

D. The Protection Profile should be defined in a modular way, as base requirements plus optional packages that developers select according to their design.

E. The Protection Profile should be general enough to cover a wide range of security subsystem solutions beyond the Secure Element, such as eUICC, iSIM, HSM, TPM, and V2X.

F. The Protection Profile should support three forms of delivery, IC, hard macro, and programmable macro (PL macro), to align with industry practice and enable reuse of evaluation results across multiple SoCs.

G. The Protection Profile should support the different memory architectures: embedded memory (as in the traditional Secure Element), external off-the-shelf memory ("External Passive Memory"), and "Secure Memory", a certified component that becomes part of the evaluation through the composite evaluation method.

Usage of external memories

Because modern SoCs are fabricated in cutting-edge process nodes, on-chip memories are either costly in silicon area, as with RAM, or outright unavailable, as with non-volatile memory such as Flash. These limitations force the secure subsystem to use external memories. To accommodate them, PP0117 is structured in a modular way around a base package.
The base package contains the minimum requirements that any Secure Sub-System in a SoC must satisfy, and a range of optional packages addresses additional industry requirements arising from the Secure Sub-System in SoC architecture:

• External Memory packages (Passive and Secure, volatile and non-volatile memory): the security requirements for the data and code stored in external memory.

The external memory package specifies the following requirements:

• Protection from content abuse (unauthorized reading, erasing, or modifying of memory content)
• Protection from cloning or replacing the memory chip between systems
• Protection from unauthorized content roll-back
• Protection from interference with communication on the external bus, e.g., command replay or modification, eavesdropping, and man-in-the-middle attacks

Passive external memory

With passive (i.e., standard, non-secure) external memory, the requirements mandate that the SoC provides all of the protection, since the memory device has no security functions and cannot perform or assist in any of the required tasks.

Protection from content abuse requires the data stored in the external memory to be encrypted. To avoid weakening a fixed encryption key by using it repeatedly on attacker-controlled plaintext (which feeds known-plaintext and side-channel analysis), distinct keys should be used for each re-encryption of user-controlled data. Deriving multiple encryption keys from a single root key requires the SoC to maintain state, such as a monotonic, non-volatile counter.

Protection from command replay in the case of passive memory is identical to protection from unauthorized roll-back.
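The scheme described in this section, SoC-managed protection of a passive external memory, is shown below as an added example written for this edit; it is not Winbond's or Eurosmart's code and is not taken from PP0117. It encrypts and authenticates each stored image under keys derived from a per-device root key and the current counter value, keeps that counter in a simulated OTP fuse array with four fuses per count read by majority vote, and rejects rolled-back, modified, and cloned images. Silicon would use AES-GCM; the HMAC-SHA256 keystream here is a stand-in so the code runs on the Python standard library alone. The class and function names (OtpCounter, PassiveMemorySoC, demo) and the sample images are assumptions for illustration.

```python
import hashlib
import hmac
import os
import struct


def derive_key(root: bytes, info: bytes) -> bytes:
    """One-block HKDF-Expand (RFC 5869): HMAC(root, info || 0x01); root assumed uniform."""
    return hmac.new(root, info + b"\x01", hashlib.sha256).digest()


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: HMAC-SHA256 in counter mode (silicon would use AES)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + struct.pack(">I", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class OtpCounter:
    """Monotonic counter in OTP fuses, FUSES_PER_COUNT fuses per count. A group counts only
    when a majority of its fuses read blown, so one misread fuse cannot add or remove a count."""
    FUSES_PER_COUNT = 4

    def __init__(self, total_fuses: int):
        self.fuses = [0] * total_fuses        # 0 = intact, 1 = blown (irreversible)

    def value(self) -> int:
        n = 0
        for g in range(0, len(self.fuses), self.FUSES_PER_COUNT):
            group = self.fuses[g:g + self.FUSES_PER_COUNT]
            if 2 * sum(group) <= len(group):  # no majority: counting stops here
                break
            n += 1
        return n

    def increment(self) -> int:
        start = self.value() * self.FUSES_PER_COUNT
        if start + self.FUSES_PER_COUNT > len(self.fuses):
            raise RuntimeError("OTP exhausted: no fuses left for another count")
        for i in range(start, start + self.FUSES_PER_COUNT):
            self.fuses[i] = 1
        return self.value()


class PassiveMemorySoC:
    """SoC-side protection of content placed in a passive (non-secure) external memory."""
    TAG_LEN = 32

    def __init__(self, device_root_key: bytes, counter: OtpCounter):
        self.root = device_root_key           # per-device secret that never leaves the SoC
        self.counter = counter

    def _keys(self, version: int):
        v = struct.pack(">Q", version)        # distinct keys per version, all from one root
        return (derive_key(self.root, b"ext-mem-enc" + v),
                derive_key(self.root, b"ext-mem-mac" + v))

    def store(self, plaintext: bytes) -> bytes:
        """Encapsulate for external storage; every write consumes one count."""
        version = self.counter.increment()
        enc_key, mac_key = self._keys(version)
        header = struct.pack(">Q", version) + os.urandom(12)   # version || nonce
        ct = keystream_xor(enc_key, header[8:], plaintext)
        return header + ct + hmac.new(mac_key, header + ct, hashlib.sha256).digest()

    def load(self, blob: bytes) -> bytes:
        """Reject stale (rolled back or replayed), foreign (cloned) or modified blobs."""
        version = struct.unpack(">Q", blob[:8])[0]
        if version != self.counter.value():   # freshness: only the latest version is valid
            raise ValueError("stale content: version %d, SoC expects %d" % (version, self.counter.value()))
        enc_key, mac_key = self._keys(version)
        body, tag = blob[:-self.TAG_LEN], blob[-self.TAG_LEN:]
        if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
            raise ValueError("authentication failed: modified or cloned content")
        return keystream_xor(enc_key, blob[8:20], body[20:])


def demo() -> dict:
    """Constructed scenario: which attacks on the passive memory the SoC detects."""
    soc = PassiveMemorySoC(os.urandom(32), OtpCounter(64))       # 16 counts of fuses
    v1, v2 = soc.store(b"config v1"), soc.store(b"config v2")
    other = PassiveMemorySoC(os.urandom(32), OtpCounter(64))     # a second device
    other.store(b"-")
    attacks = {"rollback": v1,                                   # old image written back
               "tampered": v2[:-1] + bytes([v2[-1] ^ 1]),        # bit flipped on the bus
               "cloned": other.store(b"config v2")}              # same version, other device
    results = {"fresh": soc.load(v2) == b"config v2"}
    for name, blob in attacks.items():
        try:
            soc.load(blob)
            results[name] = False
        except ValueError:
            results[name] = True
    soc.counter.fuses[5] = 0                                     # simulate one misread fuse
    results["glitch_tolerated"] = soc.counter.value() == 2
    return results
```

Two design points carry over to real silicon: the version check runs before the MAC check, so a rolled-back image is refused even when its tag is valid, and every store burns one fuse group, which is exactly why the text counts OTP in hundreds of thousands of bits for devices that update external data often.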
In both replay and roll-back, the adversary forces known, previously authentic information or state into the memory device. It is the SoC's responsibility to monitor the freshness of the information stored in the external memory so that it can detect modifications originating from command replay (such as replayed writes and erases) or roll-back of the memory content to an earlier legitimate image. To do so, the SoC must maintain state information about the stored data, which can be done with monotonic counter(s). Whenever data is stored externally, it is encapsulated and authenticated in a way that lets the SoC verify its version and ensure it has not been rolled back to an older one.

Protection from device cloning requires each SoC to use different keys for encrypting and authenticating the data stored externally. Content copied from one memory device into another system will then fail authentication, because it was protected under a different key.

Implementing a monotonic counter in the SoC requires internal non-volatile storage. As mentioned above, standard non-volatile technologies such as Flash are not available in advanced process nodes, which forces the use of One-Time-Programmable (OTP) fuse-based memory arrays for monotonic counters. Even in a process where OTP is a reputable and robust technology, it has major limitations and drawbacks:

• Cost: OTP fuses require significant die area and usually do not scale well with the process node
• Ease of operation: writing an OTP bit releases significant energy within the die
• Security: to withstand some fault-injection attacks on OTP-based monotonic counter implementations, more than one OTP bit is needed per count; in many cases at least 4 bits per count are required to maintain reasonable security

In a typical SoC, under the PP0117 requirements for passive memory, the amount of OTP consumed over the life cycle of the device can have a dramatic impact on its cost. SoCs that implemented an OTP-based monotonic counter have needed hundreds of thousands of OTP bits, and in some cases over 1M bits. This is especially true for IoT devices, where data storage in external memory is common, power cycling is frequent, and the expected life cycle is long, often exceeding 10 years.

Secure external memory

The same requirements apply to secure external memory, but owing to the nature of the secure memory they are addressed by the memory device itself:

• The memory device prevents unauthorized access: commands are signed, so accessing or modifying the content requires knowledge of a secret key or keys.
• Cloning is not possible, since unauthorized entities cannot access the content. Replacement is not possible, since the SoC and the original secure memory are bound by a shared secret key that a replacement memory will not have.
• Roll-back is not possible, since the secure memory protects the interface with its internal monotonic counter.
• Command replay is not possible, since the monotonic counter in the flash device indexes commands so that they cannot be repeated.

In addition to these protections, the secure external memory must be protected against interface abuse, i.e., man-in-the-middle modification and eavesdropping. To this end, the communication bus between the SoC and the memory is encrypted and authenticated.
Read, write, erase, and configuration-change commands are encrypted and signed, so the SoC can authenticate the data returned by the memory and verify its freshness against modification, and the memory device can verify that write, erase, and configuration-change commands originated from the SoC and are not being replayed by an adversary.

Winbond's secure flash for PP0117 certified secure subsystems

Winbond's W75F family of EAL5+ certified secure flash devices is designed for the requirements of PP0117. The secure flash devices allow efficient use of flash storage by providing:

• A secure, encrypted, and authenticated interface between the SoC and the flash
• A strong 128-bit symmetric key
• A non-volatile monotonic counter implemented in the flash to prevent replay and roll-back and maintain data and code freshness
• Strong countermeasures against side-channel, fault-injection, and hammering attacks
• Stored data integrity protection
• Execute in place (XIP) from the flash, which minimizes the RAM needed and improves security by removing the need for a clear-text code image in RAM
• Multiple writes per byte
• Composite certification readiness

Compared with an OTP-based counter in the SoC alongside passive memory, Winbond's secure flash offers a potentially unlimited number of data update cycles. The monotonic counter in the Winbond secure flash is incremented only once per power cycle, whereas in many OTP-based designs every write of a new data set to the flash requires an increment, consuming more OTP fuses.

Developing a PP0117-compliant solution with Winbond's secure flash is significantly more straightforward. The evaluation process becomes faster and simpler, and users can expect a smoother path to certification, since the design eliminates the need for complex passive-memory sharing and protection techniques.

For more information on how Winbond can support your security and compliance needs, visit Winbond's website, contact Winbond directly, or download the latest Hardware Security White Paper.
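As an added example, not Winbond's W75F protocol or firmware and not part of the original article, the following models the authenticated command channel between a SoC and a secure external memory that this article describes: a pairing key shared by exactly one SoC and one flash, a flash-side monotonic counter incremented once per power cycle from which both sides derive a session key, and a sequence number under every command and reply, so that replayed commands, in-flight modification, a swapped memory part, a replayed read reply, and traffic from a previous power cycle are all rejected. Bus encryption is left out; only authentication and freshness are modelled. Class and function names (SecureFlash, SoCHost, demo) and the pairing key are assumptions for illustration.

```python
import hashlib
import hmac
import struct

READ, WRITE = 1, 2


def mac(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def session_key(pairing_key: bytes, counter: int) -> bytes:
    """Both sides derive the per-power-cycle key from the flash's monotonic counter."""
    return mac(pairing_key, b"session", struct.pack(">Q", counter))


def cmd_tag(session: bytes, seq: int, op: int, addr: int, data: bytes) -> bytes:
    return mac(session, struct.pack(">IBI", seq, op, addr), data)


class SecureFlash:
    """The memory side: owns the monotonic counter and checks every command."""

    def __init__(self, pairing_key: bytes):
        self._key = pairing_key              # shared with exactly one SoC at pairing time
        self.counter = 0                     # non-volatile, only ever increases
        self.storage = {}
        self._session, self._seq = None, 0

    def power_on(self) -> int:
        self.counter += 1                    # once per power cycle, not once per write
        self._session, self._seq = session_key(self._key, self.counter), 0
        return self.counter                  # sent in clear; secrecy lives in the key

    def handle(self, cmd):
        seq, op, addr, data, tag = cmd
        if not hmac.compare_digest(tag, cmd_tag(self._session, seq, op, addr, data)):
            return ("ERR", b"bad tag")       # modified in flight, wrong key or old session
        if seq != self._seq:
            return ("ERR", b"bad sequence")  # replay of an index that was already consumed
        self._seq += 1
        if op == WRITE:
            self.storage[addr] = data
        payload = self.storage.get(addr, b"") if op == READ else b"ok"
        return (payload, mac(self._session, b"reply", struct.pack(">I", seq), payload))


class SoCHost:
    """The SoC side: signs each command and checks that the reply answers it."""

    def __init__(self, pairing_key: bytes, flash: SecureFlash):
        self._key, self.flash = pairing_key, flash
        self._session, self._seq = None, 0
        self.last_cmd = self.last_reply = None   # kept so the demo can "sniff the bus"

    def boot(self):
        self._session, self._seq = session_key(self._key, self.flash.power_on()), 0

    def check_reply(self, seq: int, reply) -> bytes:
        payload, rtag = reply
        if payload == "ERR":
            raise ValueError("flash reported an error")
        if not hmac.compare_digest(rtag, mac(self._session, b"reply", struct.pack(">I", seq), payload)):
            raise ValueError("reply rejected: replayed or forged")
        return payload

    def _send(self, op: int, addr: int, data: bytes = b"") -> bytes:
        seq = self._seq
        self.last_cmd = (seq, op, addr, data, cmd_tag(self._session, seq, op, addr, data))
        self.last_reply = self.flash.handle(self.last_cmd)      # the bus
        payload = self.check_reply(seq, self.last_reply)
        self._seq += 1
        return payload

    def read(self, addr: int) -> bytes:
        return self._send(READ, addr)

    def write(self, addr: int, data: bytes) -> bool:
        return self._send(WRITE, addr, data) == b"ok"


def demo() -> dict:
    """Constructed attacks on the bus; returns which ones the channel defeats."""
    key = bytes(range(32))                              # constructed pairing key
    flash = SecureFlash(key)
    soc = SoCHost(key, flash)
    soc.boot()
    soc.write(0x1000, b"fw-v2")
    sniffed_write = soc.last_cmd                        # attacker records the write command
    r = {"read_ok": soc.read(0x1000) == b"fw-v2"}
    sniffed_reply = soc.last_reply                      # and the reply to the read
    r["replay_rejected"] = flash.handle(sniffed_write)[0] == "ERR"
    seq, op, addr, _, tag = sniffed_write
    r["tamper_rejected"] = flash.handle((seq, op, addr, b"fw-v1", tag))[0] == "ERR"
    soc.write(0x1000, b"fw-v3")
    try:                                                # old reply served for the next read
        soc.check_reply(soc._seq, sniffed_reply)
        r["reply_replay_rejected"] = False
    except ValueError:
        r["reply_replay_rejected"] = True
    soc2 = SoCHost(key, SecureFlash(bytes(32)))         # swapped part lacking the pairing key
    soc2.boot()
    try:
        soc2.read(0x1000)
        r["swap_rejected"] = False
    except ValueError:
        r["swap_rejected"] = True
    soc.boot()                                          # power cycle: counter 2, new session key
    r["old_session_dead"] = flash.handle(sniffed_write)[0] == "ERR"
    r["flash_counter"] = flash.counter
    return r
```

A rejected command does not advance the flash's sequence number, so a legitimate command following an attacker's attempt still goes through, and an error reply that an attacker injects on the bus can only make the SoC fail closed; blocking the bus is a denial of service, not a breach of the stored content, which matches the "blocked or intercepted" threat in the PP0117 threat list.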
Introduction

With the increasing use of mobile devices, malware targeting smartphones and tablets has become more prevalent. Banking Trojans, in particular, are designed to steal banking credentials and financial information from mobile users.

The trend in the integrated circuit industry is toward Systems on a Chip (SoC) and microcontrollers (MCU) that integrate formerly discrete solutions, including security functions, into a single IC. In particular, the Secure Element, Hardware Security Module (HSM), or UICC can be integrated into the SoC. The main motivations are reduced system cost, enhanced performance, and added-value functionality.

The integrated security function in the SoC must meet the same security level as the discrete part. To address the security of integrated solutions and give the industry a unified set of security requirements that are clear to evaluate and assess, PP-0117, the Secure Sub-System in System-on-Chip (3S in SoC) Protection Profile, was developed.

Background

Cybersecurity statistics indicate that there are 2,200 cyber-attacks per day, with a cyber-attack happening every 39 seconds on average.
In the US, a data breach costs an average of $9.44M, and cybercrime is predicted to cost $8 trillion by 2023.

ENISA[1], in its "ENISA Threat Landscape 2022" report, showed from several angles that the sectors affected most were Public Administration and Finance:

Figure 1 ENISA: Reputational impact by sector

[1] ENISA - European Union Agency for Cybersecurity, https://www.enisa.europa.eu/

This figure shows the potential for negative publicity or an adverse public perception of the affected sector. The following diagram shows that the Public Administration and Finance sectors suffered more seriously from damaged or unavailable systems, corrupted data files, or exfiltration of data than the other sectors:

Figure 2 ENISA: Digital Impact by Sector

The Secure Element is a technical solution for digital payments via credit cards and mobile devices, as well as for identification and biometric purposes such as passports and personal IDs. Because this device protects critical data, governmental bodies and private entities such as the credit card organization EMVCo[2] mandate that it be certified to Common Criteria EAL 5+ against PP0084, the Security IC Platform Protection Profile with Augmentation Packages (Eurosmart, 2014)[3].
To date, more than 250 product certifications have claimed conformance to this PP.

Integrating the Secure Element into a SoC raises new challenges and threats on top of those already faced by a secure device that must resist physical and logical attacks:

• Preventing an insecure product state caused by disturbing the boot process, which would allow the product to be manipulated by hostile software or malicious code.
• Preventing content abuse of the data and code stored in the external non-volatile or volatile memory that is part of the SoC architecture: an attacker who accesses the external memory could disclose or modify the content used by the secure component, compromising the confidentiality and/or integrity of the content the secure component is meant to protect.
• Preventing cloning of the data and code stored in the external memory, and physical replacement of the external memory.
• Preventing replay of commands (writes, erases, or the responses to read commands) between the security component and the external memory, which would affect the freshness of the content read from or written to it.
• Preventing unauthorized roll-back of content.
• Preventing an attacker from reading the content of the external memory, recording it, and writing it back later after the security component has updated the original content.
• For SoC architectures that use Secure Memory, protecting the interface between the secure memory and the secure component from being blocked or intercepted by an attacker eavesdropping on the interconnection bus (e.g., a man-in-the-middle attack) to disclose the user data and/or code being written to or read from the secure external memory before the secure memory's security services are executed or completed.

[2] EMVCo - https://www.emvco.com/about-us/overview-of-emvco/
[3] Security IC Platform Protection Profile with Augmentation Packages: https://www.commoncriteriaportal.org/files/ppfiles/pp0084b_pdf.pdf

SoCs with integrated security functions had already appeared on the market, and their security evaluations were done against a mixture of PP0084, or parts of it, with extended requirements reflecting each newly designed device. There was no unified requirement. The challenge was to define all aspects of using and protecting the security functions when they are integrated into a SoC.

The method

Eurosmart took up the challenge and established a technical working group under its domain, ITSC. The subgroup includes Eurosmart members from the industry: semiconductor companies, software companies, ITSEFs involved in evaluating security devices, certification bodies, and consultants in the field. The national certification bodies were invited to the working group even though they are not Eurosmart members.

In addition, liaison and sharing was established with stakeholders who reference, are interested in, or use this Protection Profile:

A. Peer working groups: JHAS and ISCI-WG1.
B. Organizations that reference the PP: FIDO, GlobalPlatform, GSMA.
C. ENISA, for alignment with the CSA-EUCC, which will be the scheme for this PP once the act is implemented.

The result

PP0117, the Secure Sub-System in System-on-Chip (3S in SoC) Protection Profile, defines the following.

The TOE (Target of Evaluation) is "a Secure Sub-System (3S) implemented as a functional block of a System on Chip (SoC). The TOE implements a processing unit, security components, I/O ports and memories to provide a range of security functionalities covering a defined set of security objectives. The TOE provides its security features and security services isolated from the remaining SoC components, based on physical and/or logical isolation mechanisms. The TOE may rely on external memories to store content (data, code or both)."

Figure 3: The Target of Evaluation (TOE)

The TOE can be delivered as a hard macro and/or a programmable macro (PL macro), as defined in the team's objectives. The use of external memory in the different stages of the life cycle must be considered as well.

The team strove to develop as generic a life cycle as possible and to highlight the new aspects of this architecture. It was clear that the new life cycle required elaboration.
In cooperation with ISCI-WG1, a supplementary guidance document, "Life-Cycle Model (LCM) Related Evaluation Aspects", was developed with further explanation of the aspects that must be fulfilled and assessed in the different phases of the life cycle.

Figure 4: TOE Life Cycle

The Protection Profile is structured as a base package of minimum requirements for any Secure Sub-System in a SoC, plus optional packages that address additional industry-specific needs arising from the architecture:

• External Memory packages (Passive and Secure, volatile and non-volatile memory): the requirements on the security of the data and code stored in the external memory.
• Loader Package: the requirements on loading the TOE Software or Composite Software from external memory.
• Crypto Package: a framework for integrating the various cryptographic algorithms supported by the TOE. To keep the PP general, this package, unlike PP0084, does not prescribe specific algorithms but gives general instructions on the use of recognized cryptographic algorithms.
• Composite Software Isolation Package: isolation features that separate software packages which may be delivered by different developers.

Figure 5 PP Packages structure

The Security Problem Definition (SPD), which covers the assets to be protected, the threats, policies, and assumptions, was developed in collaboration with the JHAS group. In the Security Objectives section, dedicated objectives were defined for the new TOE forms (hard macro and PL macro).

The base package of Security Functional Requirements (SFRs) includes the PP0084 SFRs; because the TOE must serve as a Root of Trust, additional requirements for unique identification were added.

Integrating the security sub-system into a non-secure SoC requires the TOE to be defined such that it provides its services isolated from the other SoC components, based on physical and/or logical isolation mechanisms.

Enabling the integration of certified sub-systems into a non-secure system required new practices for the developer, to be assessed by the ITSEF: the developer must specify the conditions under which integration is to be done, and the ITSEF must verify that the integration followed those conditions and that no security compromise was introduced in the process. Dedicated refinements covering integration were added to the Security Assurance Requirements (SARs) so that the ITSEF verifies the process was defined and carried out without compromise.

The evaluation was performed by SGS under the supervision of BSI.

Summary

PP0117 represents a significant advance in cybersecurity certification for integrated systems. By providing a unified, flexible framework, it bridges the gap between traditional discrete certifications and modern integrated solutions, ensuring robust protection for sensitive data in an increasingly interconnected world.

Winbond supports PP0117 with the W75F Secure Memory, which fulfils the Secure External Memory package. With Winbond's EAL 5+ certified secure flash, PP0117 can be claimed in composition with the Winbond device, providing a trusted external memory solution within SoC architectures. For more information, please visit Winbond's website or download the latest Hardware Security White Paper.
In the evolving landscape of cybersecurity, industrial organizations play a pivotal role in establishing robust specifications and standards. These entities bridge the gap between industry needs and regulatory frameworks, ensuring the creation of secure, interoperable, and scalable solutions. Among the most influential players in this domain are Eurosmart, GlobalPlatform, and the Trusted Computing Group (TCG). Organizations such as the European Telecommunications Standards Institute (ETSI) and the International Electrotechnical Commission (IEC) also contribute significantly to shaping global cybersecurity frameworks. Together, these organizations form a cohesive ecosystem that addresses the multifaceted challenges of cybersecurity.

Eurosmart: Advocating for secure digital solutions

Eurosmart, an association dedicated to fostering security in digital interactions, has long been a key player in shaping cybersecurity specifications. Focused on secure elements, identity solutions, and secure subsystems in Systems on Chips (SoCs), Eurosmart promotes standards that address emerging threats and technological advances.

Key Contributions:
• Standardization of Secure Elements: Eurosmart develops specifications for secure elements used in smart cards, e-passports, and secure SoC subsystems. These standards ensure data integrity and protection against unauthorized access.
• Engagement with Regulatory Bodies: By collaborating with EU regulators, Eurosmart aligns its specifications with legislative requirements such as the EU Cyber Resilience Act (CRA), so that security measures meet both industry and governmental expectations.
• Focus on Secure Subsystems: Eurosmart plays a significant role in defining cybersecurity specifications for secure SoC subsystems, covering the embedded security functions within SoCs, including external secure NVM, secure boot, data integrity, and cryptographic functionality. These ensure robust protection against sophisticated threats, making SoC subsystems integral to secure digital infrastructure.

Eurosmart's contributions extend beyond technical specifications. Its advocacy for certification frameworks ensures that products meet high security benchmarks, enhancing consumer trust and market reliability.

GlobalPlatform: Enabling interoperability and security

GlobalPlatform focuses on the standardization of secure digital services and devices, with an emphasis on interoperability. Its specifications are widely adopted in the mobile, IoT, and payments industries, making it a cornerstone of secure device communication.

Key Contributions:
• SESIP Certification: Through the Security Evaluation Standard for IoT Platforms (SESIP), GlobalPlatform provides a streamlined certification process tailored to IoT products, reducing complexity while maintaining high assurance levels.
• Secure Component Standardization: GlobalPlatform defines standards for secure elements, trusted execution environments (TEEs), and mobile platforms, ensuring compatibility and security across devices and services.
• Collaborative Technical Working Groups: GlobalPlatform engages with technical working groups to address specific industry challenges, keeping its standards relevant and comprehensive.

GlobalPlatform's emphasis on interoperability ensures seamless integration across devices and networks, enhancing both user experience and security.

Trusted Computing Group (TCG): Building trustworthy systems

The Trusted Computing Group (TCG) develops open standards for hardware-based security. Its specifications provide foundational trust mechanisms for a wide range of devices, from PCs and servers to embedded systems.

Key Contributions:
• Trusted Platform Modules (TPMs): TCG's TPM specifications establish a hardware root of trust, enabling secure boot, encryption, and key management. TPMs are integral to safeguarding critical data and system integrity.
• Embedded Systems Security: TCG extends its standards to embedded systems, addressing the unique challenges of securing constrained devices. Its specifications are widely used in industrial automation, automotive, and healthcare.
• Collaboration with Technical Groups: TCG works closely with groups such as ISCI to enhance standards for industrial control systems and critical infrastructure security.

TCG's focus on hardware-based security provides a strong foundation for building resilient systems capable of withstanding sophisticated cyber threats.

ETSI: Shaping telecommunications security

The European Telecommunications Standards Institute (ETSI) is a global leader in creating standards for telecommunications, including cybersecurity. ETSI's work ensures secure communication protocols and infrastructure.

Key Contributions:
• Development of Cybersecurity Standards: ETSI's EN 303 645 serves as a baseline for consumer IoT security, setting out requirements for device integrity, data protection, and vulnerability management.
• Support for Telecommunications Security: ETSI has developed specifications to secure 5G networks, addressing threats such as unauthorized access and data breaches.
• Collaboration with Industry: By working with network operators, manufacturers, and regulators, ETSI ensures its standards meet the dynamic needs of the telecommunications sector.

ETSI's focus on telecommunications security ensures that global communication networks remain robust and resilient.

IEC: Global safety and security standards

The International Electrotechnical Commission (IEC) develops standards for electrical and electronic systems, integrating cybersecurity into its frameworks. Its work spans industries such as energy, healthcare, and industrial automation.

Key Contributions:
• Industrial Control System Security: IEC 62443 provides comprehensive guidelines for securing industrial automation and control systems, mitigating the risks of cyber-attacks on critical infrastructure.
• Healthcare Device Security: IEC collaborates with ISO on standards for medical device security, protecting patient safety and data.
• Integration with Cyber-Physical Systems: IEC's standards address the cybersecurity challenges of interconnected systems, including smart grids and autonomous vehicles.

Collective impact on cybersecurity

Eurosmart, GlobalPlatform, TCG, ETSI, and IEC collectively contribute to a cohesive cybersecurity landscape. Their specifications ensure:
• Enhanced Security: By addressing vulnerabilities at both the hardware and software levels, these organizations provide comprehensive protection against cyber threats.
• Global Interoperability: Standardization efforts promote compatibility across devices and systems, fostering international collaboration and trade.
• Market Confidence: Certification programs and adherence to high security benchmarks enhance consumer trust in products and services.

Challenges and future directions

Despite their significant contributions, industrial organizations face challenges such as:
• Keeping Pace with Technological Advances: Rapid innovation demands continuous updates to specifications and standards.
• Global Harmonization: Aligning standards across regions requires extensive collaboration and negotiation.
• Balancing Security and Usability: Striking the right balance between robust security measures and user convenience remains a critical task.

Looking ahead, the role of industrial organizations will expand to address emerging technologies such as quantum computing, AI, and blockchain.
By continuing their collaborative efforts, these organizations will ensure that cybersecurity specifications remain relevant, effective, and universally adopted.ConclusionIndustrial organizations like Eurosmart, GlobalPlatform, TCG, ETSI, and IEC are at the forefront of defining and implementing cybersecurity specifications. Their efforts underpin the secure operation of digital services and devices worldwide. By addressing current and future challenges, these organizations ensure that the global digital ecosystem remains resilient, secure, and trustworthy.Winbond actively participates in key industry organizations such as GlobalPlatform and Eurosmart, contributing to the development of new cybersecurity standards and ensuring alignment with evolving regulatory requirements.All Winbond Secure Flash products meet modern cybersecurity regulations and requirements, supporting industry standards and certification processes. They are pre-certified with various cybersecurity frameworks, easing the certification burden for customer platforms. Additionally, Winbond provides a complete turnkey solution, including pre-certified devices, software, and conformance documentation, tailored to regulations such as the EU Cyber Resilience Act (CRA) and the EU Radio Equipment Directive (RED).For more details on how Winbond can help secure your supply chain and simplify compliance, visit Winbond's website or contact Winbond directly, or download the latest Hardware Security White Paper.
In an era of rapid technological advancement, standards form the backbone of secure, reliable, and fair practices across industries. Standards are essential for ensuring consistency, quality, and safety, particularly in domains where data protection and cybersecurity are critical. This article explores why standards are indispensable, the scope they cover, and how regulations enforce them effectively. The article specifically addresses standards such as ISO/IEC 27001, ISO 26262, ISO/IEC 15408 (Common Criteria), SESIP, the EU Cyber Resilience Act (CRA), and the EU Radio Equipment Directive (RED).

Why Are Standards Required?

Standards provide a structured approach to managing complexity and ensuring quality. They serve as universal guidelines that align practices, enabling compatibility, safety, and trust. Their role in protecting and securing data is paramount, ensuring that sensitive information is not only safeguarded but also managed ethically and efficiently.

Data is a valuable asset that requires stringent protection. Standards like ISO/IEC 27001 for information security and ISO 26262 for functional safety in automotive systems ensure robust measures to protect data, infrastructure, and human safety. These frameworks establish best practices for encryption, secure access controls, and ethical handling of information. By adhering to these standards, organizations demonstrate their commitment to security and build a resilient foundation for technological advancement.

Moreover, standards are pivotal for fostering international collaboration and interoperability. For instance, the seamless exchange of data between global organizations relies on shared protocols and secure practices defined by standards. This harmonization reduces trade barriers, boosts innovation, and ensures that technological progress benefits a broader spectrum of society.

Standards also play a crucial role in shaping consumer trust. When products meet established safety and quality benchmarks, consumers gain confidence in their reliability. This is particularly significant in industries such as healthcare and finance, where trust in systems and devices is essential. For example, medical devices that comply with ISO 13485 demonstrate adherence to stringent safety requirements, ensuring their efficacy and reliability.

What Do Standards Cover?

Common Criteria, SESIP

Standards address diverse industry and societal needs, ensuring compatibility, safety, and operational excellence across various domains. In cybersecurity and data protection, standards like ISO/IEC 15408 and SESIP provide frameworks for assessing IT security features and IoT device resilience. Similarly, ISO 26262 ensures functional safety in automotive systems, reducing risks associated with advanced electronic technologies.

Cloud Security

Emerging technologies also benefit from standards, which provide ethical and operational benchmarks for developments like AI, blockchain, and quantum computing. By embedding robust security measures, these standards mitigate risks, foster trust, and encourage technological advancement. For instance, ISO/IEC 27017 focuses on cloud security, while the EU RED sets clear guidelines for wireless communications, ensuring safer and more reliable technologies.

Sustainability

Another area where standards prove indispensable is environmental sustainability. Standards like ISO 14001 guide organizations in reducing their environmental impact, ensuring that businesses operate responsibly while minimizing their carbon footprint. This dual focus on innovation and sustainability underscores the multifaceted role standards play in modern society.

Safety

Moreover, standards influence consumer safety in industries such as healthcare. Devices adhering to ISO 13485 demonstrate stringent safety requirements, ensuring efficacy and reliability. Similarly, in aviation, ISO 45001 supports occupational health and safety management systems, creating safer working environments for crew and staff. These diverse applications illustrate the universal relevance of standards in promoting trust and safeguarding well-being.

How Are Standards Enforced?

While standards establish the framework, enforcement ensures their practical application and impact. Legislative tools remain the most powerful enforcement mechanism. Regulations such as the EU Cyber Resilience Act (CRA) and the EU Radio Equipment Directive (RED) mandate compliance with stringent cybersecurity and safety benchmarks, especially for products with digital and wireless communication elements. These regulations demand adherence to established standards, ensuring robustness against evolving threats.

Certifications

Certification requirements further validate compliance. Standards like ISO/IEC 15408 (Common Criteria) and SESIP for IoT devices involve rigorous third-party evaluations to confirm adherence. Regular audits and inspections maintain ongoing compliance, fostering trust among stakeholders. For example, SESIP evaluations assess the security posture of IoT devices across various implementation contexts, ensuring they meet predefined security baselines.

Penalties

Penalties for non-compliance, such as fines and operational restrictions, act as significant deterrents. Collaboration between public authorities and industry stakeholders ensures enforcement mechanisms remain practical and adaptive. Advanced technological tools, including AI-driven compliance monitoring systems, streamline enforcement, making adherence more efficient.

Self-Assessment

Additionally, industry self-regulation plays a vital role in the enforcement of standards. Many organizations adopt voluntary compliance measures, recognizing that adhering to high standards not only ensures safety and quality but also enhances their competitive edge. Collaborative industry initiatives, such as the GlobalPlatform SESIP certification program, exemplify how collective efforts drive the enforcement of standards across sectors.

Challenges and Future Directions

Balancing compliance with innovation is a significant challenge. Overregulation can hinder creativity, while under-regulation exposes vulnerabilities. Adaptive standards that evolve with technological progress are essential. For instance, ensuring that frameworks like ISO 21434 for automotive cybersecurity remain relevant to advancing vehicle technology is critical. Additionally, global harmonization of standards facilitates international trade and collaboration.

Enhancing enforcement mechanisms, including leveraging advanced tools and public engagement, ensures comprehensive compliance. Continuous improvement through regular updates keeps standards relevant, addressing emerging challenges effectively. For example, campaigns aimed at educating citizens about data security not only empower individuals but also foster a collective commitment to maintaining high standards across industries.

Another future direction is the integration of standards into emerging digital ecosystems, such as smart cities and autonomous vehicles. These environments require robust, interoperable standards to manage the complexity of interconnected systems while ensuring safety and security. The development of new standards for AI ethics, IoT security, and blockchain interoperability is a testament to the ongoing evolution of standardization efforts.

Conclusion

Standards are the cornerstone of a secure, reliable, and innovative global landscape. Enforced through powerful legislative tools, such as the EU CRA and RED, and complemented by public awareness, they protect data, ensure safety, and foster trust. Examples like ISO/IEC 27001 and ISO 26262 highlight their critical role across sectors. By integrating emerging technologies with adaptive standards, the future promises a harmonious blend of innovation and security. Continuous public education and engagement will further bolster these efforts, ensuring a sustainable and secure technological ecosystem for generations to come.

As technology advances, the role of standards will only grow in importance. From protecting sensitive data to fostering international collaboration, standards provide the foundation for progress. By embracing adaptive standardization and robust enforcement mechanisms, society can navigate the challenges of the digital age with confidence and resilience.

In an era where system vendors must navigate diverse cybersecurity regulations across different regions, Winbond alleviates these challenges by providing pre-certified products that streamline compliance efforts. Winbond Secure Flash products are pre-certified with various cybersecurity standards, easing the certification process for customer platforms. Additionally, Winbond offers a complete turnkey solution, including pre-certified devices, software, and conformance documentation tailored to regulatory requirements such as the EU Cyber Resilience Act (CRA) and the EU Radio Equipment Directive (RED).

For more information on how Winbond can support your security and compliance needs, visit Winbond's website, contact Winbond directly, or download the latest Hardware Security White Paper.