Internet of Things (IoT) Cybersecurity Certification
This CTIA cybersecurity certification program for IoT devices establishes an industry baseline for device security on wireless networks. The program protects consumers and wireless infrastructure while also creating a more secure foundation for smart cities, connected cars, and other IoT applications.
The Certification Process
Request
Manufacturer submits a request for certification through the CTIA Certification database.
Select
Manufacturer selects an authorized test lab.
Lab Confirmation
Test lab confirms the desired certification level.
Test
Test lab conducts testing and submits test results to the certification database.
Submit
Manufacturer submits required documentation to the certification database.
Pay
Manufacturer pays lab for testing and CTIA for certification.
Confirm
CTIA Certification ensures that all requirements have been met.
Notify
Certification notice is issued to the manufacturer.
IoT Cybersecurity Certification FAQs
Here are answers to common questions about our IoT Cybersecurity Certification Program. If you have questions that we have not answered, please submit a question or contact us.
As per the Cybersecurity Certification Test Plan, an IoT device is classified as a device that contains an IoT application layer that provides identity and authentication functionality, as well as at least one communications module that supports 5G, 4G LTE, or Wi-Fi connectivity. An IoT device also connects to at least one network to exchange data with other devices, vehicles, home appliances, infrastructure elements, et cetera.
Your device is eligible for this certification if you can answer “yes” to all of the following questions. Discuss with an authorized test lab if you answer “no” to any of the questions.
- Terms of Service and Privacy Policy: Does your device have a Terms of Service and a Privacy Policy? Do your Terms of Service state how long you plan to support your IoT device? Keep in mind that you can extend that support period after the product launches through a Terms of Service update.
- Passwords: Do each of your devices have unique passwords, whether they are accessed by the user or a cloud service provider? If your device connects via LTE and/or Wi-Fi, meaning there is likely some remote authentication action happening, is that authentication based on password access?
- Login Roles: If your device supports more than one role (privilege level), does it enforce separation between the supported roles (e.g., a user account and an admin account)?
- Providing updates: Does your company provide software patches and/or software/firmware updates for your device? Does your device validate the patch or update?
A device that is uniquely defined must go through its own cybersecurity testing. Leveraging “parent” device testing/certification will not be accepted. “Uniquely defined” refers to a specific combination of hardware, software, and firmware release versions. If new software is released, a manufacturer will be required to assess whether a retest is needed.
- Level 1: Consumer and Enterprise Devices
- Level 2: Enterprise Devices
Request Type
- Level 1 Initial Request = $500
- Level 2 Initial Request = $1,000
- ECO Request = $500
Certification testing fees are separate and are determined independently by each CTIA Certification Authorized Test Lab (ATL).
Please reference the Policies and Procedures for CTIA Certification Authorized Test Labs.
Certification requests can be submitted online here.
Authorized IoT Cybersecurity Test Labs
There are numerous CTIA Certification Authorized Test Labs (ATLs) throughout the world. Find one near you.
Working Groups
CTIA Certification working groups are the foundation of our certification programs. This global network of operators, service providers, device manufacturers, test labs, and many others, solve industry challenges, enable new efficiencies, and hold the wireless industry to the highest standard.