IoT System  Certification  Scheme  (IoTSCS)

The IoTSystem  Certification  Scheme  (IoTSCS), operated by STQC Dte, Ministry of Electronics and Information Technology, has aim to support all  the  IoT  products and system. 

Evaluation  of IoT product &system  covers  assessment  of  all  the  sensing  and  embedding components  (includes  Sensors,  Actuators  etc),  communication  protocols,  IoT Gateways,  IoT  cloud,  End-user  devices  and  user  interface  etc 

Benefits of Certification

This provides users of IoTproduct & System confidence in the security functionality provided. It also provides users with a metric to compare the security capabilities of products that they are intending to buy.

The scheme is intended to serve many communities of interest with very diverse roles and responsibilities.

• IoT product developers,
• IoTproduct vendors,
• IoT systems integrators for IT security infrastructure
• IoTproduct researchers,
• Acquisition/procurement authorities of IoT product
• Consumers of IT Security products

Assessment Level of IoT product

Assessment of IoT devices covers basically three aspects mainly physical,  Communication and its application interfaces. The IoT devices scheme comprises of three (03) levels, with each higher level being more comprehensive in the assessment. There are 3 different level of assessment, covering different security requirements. The objective of testing under each of the levels are summarized in IoT device scheme assessment Levels below:

• Level 1 requirements is to provide protection against attacks that target software only, i.e. attacks that do not involve physical access to the device. Level 1 requirements aim to provide a security baseline for connected devices.
• Level 2 requirements is to provide protection against attacks that go beyond software and that target the hardware of the device. Devices that adhere to level 2 requirements are devices where compromise of the device should be avoided.
• Level 3 requirements is to provide requirements for devices where compromise should be avoided at all cost. Devices where there is highly sensitive information stored on the device or where compromise of the device can result in fraud or safety. In addition to the security requirements provided by level 1 and 2, level 3 requirements focus on defense-in-depth techniques that attempt to hinder reverse engineering and physical tampering efforts.

Contact US