
New “U.S. Cyber Trust Mark” for IoT devices: ONEKEY Platform Already Automatically Verifies Essential Requirements

Automated product cybersecurity and compliance platform checks standards, finds vulnerabilities, and helps meet requirements faster

Duesseldorf, July 28, 2023 – Almost every new device today is connected, contains microchips, and runs its own software. From smart dishwashers to industrial routers, every device is a potential target for hackers who can gain access to a network and valuable data. To improve security, the U.S. government has now introduced the U.S. Cyber Trust Mark. The mark is designed to help consumers buy secure devices that have been tested for risks.

The U.S. Cyber Trust Mark is planned as a voluntary trust mark and is primarily focused on the consumer market. The forthcoming European Cyber Resilience Act (CRA), on the other hand, is a mandatory legal requirement that will force all manufacturers and importers of network-connected devices worldwide to implement and continuously monitor enhanced cybersecurity measures.

“Our product cybersecurity and compliance platform, which performs comprehensive firmware analysis for cyber risks, already provides an automatic check for today’s known EU Cyber Resilience Act requirements, as well as checking for U.S. Cyber Trust Mark basics such as NIST 8259A and EN303645. This means a manufacturer can already check where its products stand in terms of compliance in just a few minutes,” says Jan Wendenburg, CEO of product cybersecurity and compliance specialist ONEKEY.

Built-in compliance checker automatically checks for key industry standards

ONEKEY operates a product cybersecurity platform that performs automated auditing and risk assessment of devices with firmware. The integrated compliance check verifies the most important international industry and security standards, and new standards are integrated as they are introduced. Manufacturers and importers of technology products can now check firmware, i.e. device- or component-specific software, for compliance with standards and for potential gateways for hackers, and then organise remediation, fully automatically, in minutes and with just a few mouse clicks.

“The legislative initiatives to improve IoT security are valuable and welcome – as this will massively support the cyber resilience of the economy and the security of businesses and consumers in the long term. Our platform, with its built-in compliance checker, allows us to check compliance with these policies and laws in minutes. This means that problems can be identified and corrected faster, and any necessary self-declarations or documentation for following certifications can be easily created,” explains Jan Wendenburg, CEO of ONEKEY.

Support for a wide range of international cybersecurity standards

In addition to the requirements of the Cyber Resilience Act, the ONEKEY platform already supports EN303645, IEC62443, NIST8259A, OWASP, Singapore CLS, IOTSF, IOTxT, UNR155, and many ENISA, UK and other international and industry-specific cybersecurity standards.


ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management and part of the investment portfolio of PricewaterhouseCoopers Germany (PwC). The unique combination of an automated Product Cybersecurity & Compliance Platform (PCCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support, and management to improve product cybersecurity and compliance from product purchasing, design, development and production through to end-of-life.

Critical vulnerabilities and compliance violations in device firmware are automatically identified in binary code by AI-based technology in minutes – without source code, device, or network access. Software supply chains can be proactively audited with integrated software bill of materials (SBOM) generation. “Digital Cyber Twins” enable automated 24/7 post-release cybersecurity monitoring throughout the product lifecycle.

The patent-pending, integrated Compliance Wizard™ already covers the upcoming EU Cyber Resilience Act (CRA) and existing requirements according to IEC 62443-4-2, ETSI EN 303 645, UNECE R 155 and many others.

The Product Security Incident Response Team (PSIRT) is effectively supported by the integrated automatic prioritisation of vulnerabilities, significantly reducing the time to remediation.

Leading international companies in Asia, Europe and the Americas already benefit from the ONEKEY Product Cybersecurity & Compliance Platform and ONEKEY Cybersecurity Experts.



Sara Fortmann

Marketing Manager


euromarcom public relations GmbH

+49 611 973 150