In October, I posted
about the fact that my client Red Alert
Labs had become certified as an assessor by the ioXt Alliance, the global standard for
IoT security; they’re only the eighth organization to receive this honor. Now,
the Alliance has put out a press release to announce this fact:
NEWPORT BEACH, Calif. — Dec. 15, 2022 — The ioXt
Alliance, the global standard for IoT security, today announced the
addition of Red Alert Labs, a
Europe-based Cybersecurity Lab specialized in IoT, to the ioXt Authorized Labs certification
program. Authorized labs are the exclusive test providers for the ioXt Alliance
and perform all testing required for devices to be certified by ioXt and to
bear the ioXt SmartCert label, which provides security assurance to consumers
and enterprises.
Red Alert Labs (RAL) is an IoT
security provider helping organizations trust IoT solutions throughout their
lifecycle. RAL provides comprehensive IoT security by design, risk management,
consulting, audit and certification services supported by automated processes.
RAL provides assessments and certifications of connected devices based on
multiple standards, including IEC 62443, Common Criteria, ETSI
303 645, and NIST 8425.
RAL is also involved with the European Union Agency for Cybersecurity (ENISA)
to develop the EUCC scheme for ICT products and EUCS scheme for cloud services
in the context of the Cybersecurity Act in Europe.
Ayman Khalil, managing partner and
COO of Red Alert Labs, said, “Given our experience performing IoT device
evaluations and certifications for various standards like ETSI 303 645, we are
quite pleased to be working with ioXt Alliance, both for SmartCert
certifications and for the upcoming U.S. IoT device security labeling program.
IoXt is working closely with NIST, in accordance with the executive order given
by the White House, in supporting the development of that program.”
“Authorized labs are important
organizations in the ioXt Alliance as they provide ioXt certification testing
to ensure devices are secure for consumers and businesses to use,” said Jan
Bondoc, vice president of information technology at the ioXt Alliance. “We’re
very pleased to welcome Red Alert Labs as an Authorized Labs partner to work
with us to advance security in the IoT industry.”
With profile creation by top-tier
companies in technology and device manufacturing, the ioXt Alliance is the only
industry-led, global IoT device security and certification program in the
world. Devices with the ioXt SmartCert label give consumers and retailers
greater confidence in a highly connected world.
ioXt certification includes both
security controls implemented in a connected device and the manufacturer’s
security practices. An example of the former is whether security updates are
applied automatically when possible. An example of the latter is whether the
manufacturer published a policy to notify customers when support will end for
their product.
Besides assessing and certifying
connected devices and their manufacturers, RAL helps end-user organizations
assess the cybersecurity risks they face from devices they are considering for
procurement. After procurement, RAL helps those organizations assess and
mitigate security issues identified in devices they use. For example, RAL will
soon provide services based on the NIST.IR 8425 cybersecurity framework for
connected devices, developed by the U.S. National Institute of Standards and
Technology (NIST).
About the ioXt Alliance
The ioXt Alliance is the Global
Standard for IoT Security. Founded by leading technology and product
manufacturing firms, ioXt is the only industry led, global IoT product security
and certification program in the world. Products with the ioXt SmartCert give
consumers and retailers greater confidence in a highly connected world. Learn
more at ioxtalliance.org.
About Red Alert Labs
Red Alert Labs is an IoT security
provider helping organizations trust IoT solutions. An independent
cybersecurity lab with a disruptive business offer to solve the technical and
commercial challenges in IoT. Its expertise has been recognized by numerous
awards. Red Alert Labs is a valued member of IoXt Alliance, EUROSMART, IoTSF,
CCC, ACN, SYSTEMATIC, CEN-CENELEC, and ECSO.
I’ve been working with Red Alert
Labs for a year and a half, and I can attest that they’re a high quality
organization. Note they work with both IoT device manufacturers and end users.
In fact, I and Isaac Dangana of RAL wrote an article
that was published this summer, on why IoT manufacturers need to follow
different practices with respect to SBOMs and software component vulnerability
management than suppliers of “stand-alone” software. Intelligent devices
(especially medical devices) introduce a lot of unique security concerns. Given
the rate at which devices are proliferating, there’s lots of work to be done!
Any opinions expressed in this
blog post are strictly mine and are not necessarily shared by any of the
clients of Tom Alrich LLC. If you would
like to comment on what you have read here, I would love to hear from you.
Please email me at tom@tomalrich.com.
No comments:
Post a Comment