New “U.S. Cyber Trust Mark” for IoT devices: ONEKEY Platform Already Automatically Verifies Essential Requirements

Automated product cybersecurity and compliance platform checks standards, finds vulnerabilities, and helps meet requirements faster

Duesseldorf, July 28, 2023 – Almost every new device today is connected, contains microchips, and runs its own software. From smart dishwashers to industrial routers, every device is a potential target for hackers who can gain access to a network and valuable data. To improve security, the U.S. government has now introduced the U.S. Cyber Trust Mark. The mark is designed to help consumers buy secure devices that have been tested for risks.

The U.S. Cyber Trust Mark is planned as a voluntary trust mark and is primarily focused on the consumer market. The forthcoming European Cyber Resilience Act (CRA), on the other hand, is a mandatory legal requirement that will force all manufacturers and importers of network-connected devices worldwide to implement and continuously monitor enhanced cybersecurity measures.

"Our product cybersecurity and compliance platform, which performs comprehensive firmware analysis for cyber risks, already provides an automatic check for today's known EU Cyber Resilience Act requirements, as well as checking for U.S. Cyber Trust Mark basics such as NIST 8259A and EN303645. This means a manufacturer can already check where its products stand in terms of compliance in just a few minutes," says Jan Wendenburg, CEO of product cybersecurity and compliance specialist ONEKEY.

Built-in compliance checker automatically checks for key industry standards

ONEKEY operates a product cybersecurity platform that performs automated auditing and risk assessment of devices with firmware. The integrated compliance check verifies the most important international industry and security standards – as new ones are added, they are also integrated. Manufacturers and importers of technology products can now check firmware – i.e. device- or component-specific software – for compliance with standards and potential gateways for hackers, and then organise their remediation, fully automatically in minutes with just a few mouse clicks. "The legislative initiatives to improve IoT security are valuable and welcome – as this will massively support the cyber resilience of the economy and the security of businesses and consumers in the long term. Our platform, with its built-in compliance checker, allows us to check compliance with these policies and laws in minutes. This means that problems can be identified and corrected faster, and any necessary self-declarations or documentation for following certifications can be easily created," explains Jan Wendenburg, CEO of ONEKEY.

Support for a wide range of international cybersecurity standards

The ONEKEY platform already supports today EN303645, IEC62443, NIST8259A, OWASP, Singapore CLS, IOTSF, IOTxT, UNR155, many ENISA, UK and other international and industry-specific cybersecurity standards in addition to the requirements of the Cyber Resilience Act.