The Certification Process
Manufacturer submits a request for certification through the CTIA Certification database.
Manufacturer selects an authorized test lab.
Test lab confirms the desired certification level.
Test lab conducts testing and submits test results to the certification database.
Manufacturer submits required documentation to the certification database.
Manufacturer pays lab for testing and CTIA for certification.
CTIA Certification ensures that all requirements have been met.
Certification notice is issued to the manufacturer.
IoT Cybersecurity Certification FAQs
Here are answers to common questions about our IoT Cybersecurity Certification Program. If you have questions that we have not answered, please submit a question or contact us.
As per the Cybersecurity Certification Test Plan, an IoT device is classified as a device that contains an IoT application layer that provides identity and authentication functionality, as well as at least one communications module that supports 5G, 4G LTE, or Wi-Fi connectivity. An IoT device also connects to at least one network to exchange data with other devices, vehicles, home appliances, infrastructure elements, et cetera.
Your device is eligible for this certification if you can answer “yes” to all of the following questions. Discuss with an authorized test lab if you answer “no” to any of the questions.
- Passwords: Do each of your devices have unique passwords, whether they are accessed by the user or a cloud service provider? If your device connects via LTE and/or Wi-Fi, meaning there is likely some remote authentication action happening, is that authentication based on password access?
- Login Roles: If your device supports more than one role (privilege level), does it enforce separation between the supported roles (e.g., a user account and an admin account)?
- Providing updates: Does your company provide software patches and/or software/firmware updates for your device? Does your device validate the patch or update?
A device that is uniquely defined must go through its own cybersecurity testing. Leveraging “parent” device testing/certification will not be accepted. “Uniquely defined” refers to a specific combination of hardware, software, and firmware release versions. If new software is released, a manufacturer will be required to assess whether a retest is needed.
- Level 1: Core security elements recommended for consumer-grade devices.
- Level 2: Enhanced security elements well-suited for business and enterprise managed devices.
- Level 3: Advance security elements designed to protect infrastructure-managed devices.
- Level 1 Initial Request = $500
- Level 2 Initial Request = $750
- Level 3 Initial Request = $1,000
- ECO Request = $500
Certification testing fees are separate and are determined independently by each CTIA Certification Authorized Test Lab (ATL).
CTIA Certification working groups are the foundation of our certification programs. This global network of operators, service providers, device manufacturers, test labs, and many others, solve industry challenges, enable new efficiencies, and hold the wireless industry to the highest standard.