New “US Cyber Trust Mark” for IoT devices: ONEKEY Platform Already Automatically Verifies Essential Requirements

New “US Cyber Trust Mark” for IoT devices: ONEKEY Platform Already Automatically Verifies Essential Requirements

Automated product cybersecurity and compliance platform checks standards, finds vulnerabilities, and helps meet requirements faster

Duesseldorf, July 25, 2023 – Almost every new device today is connected, contains microchips, and runs its own software. From smart dishwashers to industrial routers, every device is a potential target for hackers who can gain access to a network and valuable data. To improve security, the US government has now introduced the US Cyber Trust Mark. The mark is designed to help consumers buy secure devices that have been tested for risks.

The US Cyber Trust Mark is planned as a voluntary trust mark and is primarily focused on the consumer market. The forthcoming European Cyber Resilience Act (CRA), on the other hand, is a mandatory legal requirement that will force all manufacturers and importers of network-connected devices worldwide to implement and continuously monitor enhanced cybersecurity measures.

„Our product cybersecurity and compliance platform, which performs comprehensive firmware analysis for cyber risks, already provides an automatic check for today’s known EU Cyber Resilience Act requirements, as well as checking for US Cyber Trust Mark basics such as NIST 8259A and EN303645. This means a manufacturer can already check where its products stand in terms of compliance in just a few minutes,“ says Jan Wendenburg, CEO of product cybersecurity and compliance specialist ONEKEY.

Built-in compliance checker automatically checks for key industry standards

ONEKEY operates a product cybersecurity platform that performs automated auditing and risk assessment of devices with firmware. The integrated compliance check verifies the most important international industry and security standards – as new ones are added, they are also integrated. Manufacturers and importers of technology products can now check firmware – i.e. device- or component-specific software – for compliance with standards and potential gateways for hackers, and then organise their remediation, fully automatically in minutes with just a few mouse clicks. „The legislative initiatives to improve IoT security are valuable and welcome – as this will massively support the cyber resilience of the economy and the security of businesses and consumers in the long term. Our platform, with its built-in compliance checker, allows us to check compliance with these policies and laws in minutes. This means that problems can be identified and corrected faster, and any necessary self-declarations or documentation for following certifications can be easily created,“ explains Jan Wendenburg, CEO of ONEKEY.

Support for a wide range of international cybersecurity standards

The ONEKEY platform already supports today EN303645, IEC62443, NIST8259A, OWASP, Singapore CLS, IOTSF, IOTxT, UNR155, many ENISA, UK and other international and industry-specific cybersecurity standards in addition to the requirements of the Cyber Resilience Act.

About ONEKEY: 
ONEKEY is a leading European specialist in Product Cybersecurity & Compliance Management. The unique combination of an automated Product Cybersecurity & Compliance platform with expert knowledge and consulting services provides fast and comprehensive analysis, support and management to improve product cybersecurity and compliance from product purchasing, design, development, production to end-of-life.
Critical vulnerabilities and compliance violations in device firmware are automatically identified in binary code by AI-based technology in minutes – without source code, device or network access. Proactively audit software supply chains with integrated software bill of materials (SBOM) generation. „Digital Cyber Twins“ enable automated 24/7 post-release cybersecurity monitoring throughout the product lifecycle.
Integrated compliance checking already covers the upcoming EU Cyber Resilience Act and existing requirements according to IEC62443-4-2, EN303645, UNR155 and many others.
The Product Security Incident Response Team (PSIRT) is effectively supported by the integrated automatic prioritisation of vulnerabilities, significantly reducing the time to remediation.
Leading international companies in Asia, Europe and the Americas already benefit from the ONEKEY Product Cybersecurity & Compliance Platform and ONEKEY Cybersecurity Experts.