Prism Infosec becomes IoT Security Assured Assessor

Gaining ‘hands-on’ certification via an independent assessor will help manufacturers reassure customers and comply with regulatory demands

Cheltenham, U.K. — 8 June, 2022 — Prism Infosec, the independent cybersecurity consultancy, today announced it has been certified as an IoT (Internet of Things) Security Assured Assessor under the IoT Security Assured scheme run by the IASME Consortium. The scheme sees internet-connected devices assessed against industry best practice. It is aligned with the ETSI technical standard for IoT security, EN 303 645, and with the proposed UK IoT security legislation and guidance, the Product Security and Telecommunications Infrastructure (PSTI) Bill, and is also mapped to the IoTSF Security Compliance Framework. As an IoT Security Assured Assessor, Prism Infosec is now able to help manufacturers looking to comply with the new standard by assessing and validating their applications.

Initially funded by a grant from the Department for Digital, Culture, Media and Sport (DCMS), the IoT Security Assured scheme aims to boost consumer confidence in the IoT and was launched following a successful pilot in 2021. The scheme features three levels of security: a Basic level aligned with the PSTI and the top three requirements of the ETSI standard; a Silver level with the ETSI mandatory requirements and data protection provisions; and a Gold level with the ETSI mandatory requirements as well as all additional ETSI recommended requirements and data protection provisions. Manufacturers meeting the criteria will be able to display the relevant badge on their IoT device, providing consumers with added reassurance.

The IoT Security Assured Scheme is designed to be accessible and achievable and requires the applicant to work through eight categories of questions about the security controls in place on the connected device and any associated services. These cover issues including passwords and credentials, vulnerabilities and anomalies, software, secure configuration, communications and usage of data. A board member from the organisation must then declare the claims are true before submitting the application for review by the assessor within six months. As the process is self-led up until this point, the assessor plays a crucial role in providing feedback and in helping the manufacturer to meet the necessary criteria to reach the desired level of certification.

“Assessors will provide hands-on certification of the IoT Security Assured Scheme. This means that manufacturers are required to first achieve the verified self-assessment and then upgrade to the hands-on version which would involve additional documentation and a hands-on assessment of the device by the assessor. Importantly, this level of certification does not involve an in-depth technical assessment, but sees the assessor examining the device from a user perspective in a typical use environment, providing a significant additional level of assurance without a significant additional cost,” explains Dr Emma Philpott MBE, CEO, IASME.

“Security is a top concern among consumers when it comes to the Internet of Things so it’s vital to the industry to allay those concerns. The IoT Security Assured Scheme provides a low barrier of entry, enabling manufacturers to assess their products against the security controls and practices advocated by the existing and emerging sets of regulation. Those that sign up to the scheme can capitalise on our expertise to help improve their security controls, are able to reassure their customers and to use the badge to differentiate their offering in the marketplace. But it will also enable them to get ahead of the regulatory curve and futureproof their offering,” states Phil Robinson, Principal Consultant and Founder of Prism Infosec.

IoT manufacturers can preview the self-assessment questions here and are invited to sign up for the IoT Security Assured Scheme here: https://iasme.co.uk/internet-of-things/get-iot-security-assured-self-assessment/

About IASME Consortium
IASME is a cyber security business dedicated to keeping organisations safer online. Through its products and services, it helps organisations of all sizes to protect themselves against cyber threats.

About Prism Infosec

Prism Infosec is an award-winning independent cyber security consultancy that provides assessment services over cloud and traditional on-prem architectures and enterprise applications to the public and private sector. Our team of dedicated consultants combine business and management skills with technical acumen and are vetted to the highest standards. We like to practise what we preach and are Cyber Essentials Plus, ISO27001:2013 ISMS and ISO9001:2015 QMS accredited.

Offering a range of consultancy services, we also act as assessors for a number of standards bodies. We are a STAR member of CREST, a National Cyber Security Centre CHECK Green Light company, a Cyber Essentials Plus certifying body, and a Payment Card Industry (PCI) Qualified Security Assessor (QSA).

Prism Infosec was founded in 2006 and has offices in Cheltenham and Liverpool in the UK as well as Brussels. For more information please go to www.prisminfosec.com.

Media contact

Sarah Bark

T: +44 (0)1420 587978

E: sarah.bark@prisminfosec.com

Phil Robinson

Phil Robinson has worked in information security for over 25 years and is the founder of Prism Infosec, which offers cutting-edge penetration testing, red teaming and security consultancy services of cloud and traditional on-prem architectures and enterprise applications. Phil has been instrumental in the development of numerous penetration testing standards and certifications. He was involved in the original formation of the Council for Registered Ethical Security Testers (CREST), chaired the management committee of the Tiger scheme and established key CESG Certified Professional (CCP) roles on behalf of the British Computer Society (BCS), and has also contributed toward the Open Source Testing and Security Manual (OSSTMM). An Associated Member of the ISSA, an (ISC)² CISSP, ISACA CISA and a CHECK Team Leader, Phil has worked as a CLAS Consultant / Senior CCP Security and Information Risk Advisor and in this capacity has delivered cybersecurity advice and guidance to HMG departments and agencies. He regularly speaks about penetration testing and e-crime to help promote cybersecurity awareness and industry best practice.