Successful evaluation by Brightsight leads to Arm receiving the first high-assurance Common Criteria security certification (EAL6+) for their Cortex-M33 and Cortex-M35P soft IP processors

12.05.20 10:35 AM By Brightsight

Brightsight, the number one security lab in the world, is proud to announce that Arm has received the first ever high-assurance Common Criteria security certification for their soft IP processor designs, Cortex-M33 and Cortex-M35P, after an evaluation completed by Brightsight. Both processors and their security features including TrustZone and the memory protection unit (MPU), as well as the specific security features in the Cortex-M35P that address attacks typically requiring proximity to the target device, have been certified to EAL6+ for the Common Criteria ISO 15408 standard under the Dutch Common Criteria certification scheme NSCIB. 

The certification is unique in the world of security assurance and a significant milestone for Brightsight, Arm, and the entire industry. It is the first time that a soft processor with these built-in security provisions has been certified using one of the highest Common Criteria levels. The certification can be used by the entire ecosystem, providing Arm partners with a quality security IP they can trust. Arm partners will also be able to reuse the results used for this security evaluation.

Semiconductor companies can now accelerate the path to achieving high-assurance certification of their complete design with these security packages. The Cortex-M35P processor certification can benefit companies designing products for a wide range of applications, such as smart cards, bank cards, SIM cards and SoCs that can be used in secure apps (e.g. in authentication terminals for passport control at airports). The Cortex-M33 processor is more widely used in IoT applications, especially those that require efficient security from software and logical attacks.

NSCIB confirmed Arm's relevant development site audited by Brightsight as compliant with the Minimum Site Security Requirements (MSSR). Arm partners can benefit from this MSSR site certification, because it is no longer needed to arrange an audit of the Arm development site. This can lead to cost and time savings. 

“Security certifications are important for developers addressing accountability, compliance and risk management,” said Dirk Jan Out, CEO at Brightsight. “Arm is leading the way by certifying the building blocks serving as the foundation for future secure products.”

If you would like to learn more, please visit the links below:

https://community.arm.com/developer/ip-products/security/b/security-ip-blog/posts/arm-receives-first-high-assurance-common-criteria-security-certification-for-soft-processor-ip

https://semiengineering.com/security-from-the-ground-up/

Brightsight