www.keyman.or.jp

ポイント

• ISO 20022 : pronounced ‘ISO twenty-oh-two-two’
• An international standard for exchanging electronic messages between financial institutions
• 金融システム全体のメッセージフォーマットの標準化？セキュリティ、請求、決済、為替といった大項目が存在し、それらの小項目としてより具体的な通信のルールを規格化している。

Link

sdk.finance

blog.ipswitch.com

One possible way of organizing a hierarchy of certifications. The bottom illustrates the most basic sets of rules, while the topmost box requires significant effort and resources to achieve.

ポイント

• Semiconductor EngineeringによるIoT Security (特にIoT Certification関連)に関する現状考察。IoT Security関連の様々な動きが完結に記述されている。必読！
• 記事構成 :
  • Intro
    • Security regulations for Internet-of-Things (IoT) devices are evolving around the world, but there is no consistent set of requirements that can be applied globally — and there may never be.
  • Scaling down for IoT security
  • Scaling up for IoT security
  • Governments set the basics
    • National Institute of Standards and Technology (NIST) 8259A, 8259D
    • NIST FIPS 140
    • US IoT Cybersecurity Act of 2020, Cyber Shield Act
    • ETSI EN 303 645
    • EU also passed its own European Cybersecurity Act. It strengthens ENISA
    • ISO is likely to unify the U.S. and European approaches via ISO 27402. China, meanwhile, has its own OSCCA organization.
  • Industry consortia pick up from there
    • Common Criteria - But it is a heavyweight system typically used for smart cards and trusted execution environments (TEEs)
  • A variety of standards groups
    • IoT Security Foundation (IoTSF) - establishes basic guidelines and an approach for self-certification
    • Arm and its ecosystem partners - PSA Certified (Platform Security Architecture)
    • GlobalPlatform - SESIP (Security Evaluation Standard for IoT Platforms)
      • still silicon-focused, but is more extensive than PSA
      • a Lightweight version of Common Criteria
      • Given certification to the SESIP PSA profile, a device can achieve both SESIP and PSA certification. The reverse is not true, however: PSA certification alone would not qualify for SESIP certification.
    • ioXt (Internet of Secure Things) - system level. Focuses on the IoT at scale. It’s a “composite” approach that accepts component and module certifications when certifying the entire device.
  • Rigor and metrics — or not
  • Setting expectations
  • What are developers to do?
  • What about IoT consumers?

Link

semiengineering.com