ioXt Alliance selects Red Alert Labs for Authorised Labs certification programme
Newport Beach, United States – ioXt Alliance, a global standard for IoT security, announced the addition of Red Alert Labs, a Europe-based cybersecurity company, to ioXt Authorised Labs certification programme. Authorised labs are the test providers for the ioXt Alliance and perform all testing required for devices to be certified by ioXt and to bear the ioXt SmartCert label, which provides security assurance to consumers and enterprises.
Red Alert Labs (RAL) is an IoT security provider helping organisations trust IoT solutions throughout their lifecycle. RAL provides comprehensive IoT security by design, risk management, consulting, audit and certification services supported by automated processes. RAL provides assessments and certifications of connected devices based on multiple standards, including IEC 62443, common criteria, ETSI 303 645, and NIST 8425. RAL is also involved with the European Union Agency for Cybersecurity (ENISA) to develop the EUCC scheme for ICT products and EUCS scheme for cloud services in the context of the Cybersecurity Act in Europe.
Ayman Khalil, managing partner and COO of Red Alert Labs, says “Given our experience performing IoT device evaluations and certifications for various standards like ETSI 303 645, we are quite pleased to be working with ioXt Alliance, both for SmartCert certifications and for the upcoming U.S. IoT device security labeling programme. IoXt is working closely with NIST, in accordance with the executive order given by the White House, in supporting the development of that programme.”
“Authorised labs are important organisations in the ioXt Alliance as they provide ioXt certification testing to ensure devices are secure for consumers and businesses to use,” says Jan Bondoc, vice president of information technology at the ioXt Alliance. “We’re very pleased to welcome Red Alert Labs as an Authorised Labs partner to work with us to advance security in the IoT industry.”
ioXt certification includes both security controls implemented in a connected device and the manufacturer’s security practices. An example of the former is whether security updates are applied automatically when possible. An example of the latter is whether the manufacturer published a policy to notify customers when support will end for their product.
Besides assessing and certifying connected devices and their manufacturers, RAL helps end-user organisations assess the cybersecurity risks they face from devices they are considering for procurement. After procurement, RAL helps those organisations assess and mitigate security issues identified in devices they use. For example, RAL will soon provide services based on the NIST.IR 8425 cybersecurity framework for connected devices, developed by the U.S. National Institute of Standards and Technology (NIST).
Comment on this article below or via Twitter @IoTGN