Compliance Suite for STM32

Compliance Suite for STM32 includes security development tools and practical guidance, delivering a shrink-wrapped solution for organizations to ensure security legislation assurance in IoT applications.

With new legislation for IoT security and privacy rapidly being introduced globally, compliance according to these regulations is a challenge for organizations and developers working with embedded applications. For your existing or new application, this means that it has to meet a new set of baseline standards. The good news is that we can help you to comply with the new regulations. Compliance Suite is what you need!

Evolving IoT Security Legislation

The Consumer IoT Security Standard EN 303 645, based on the 13 Best Practices Guidelines evolved by the IoT Security Foundation and UK Government, is widely regarded as the security benchmark for Consumer IoT. Both the standard and the guidelines contain core requirements for applications, which developers should achieve. Compliance Suite enables you to rapidly build applications with these core requirements included.

Compliance Suite enables you to rapidly build applications with these core requirements included.

As a founding member of the IoT Security Foundation, a non-profit organization dedicated to driving security excellence, Secure Thingz has been involved in the creation of best practices, compliance and vulnerability disclosure for over 5 years. 

Compliance Suite for STM32

What are the 13 Best Practices?

  • Defined by the IoT Security Foundation
  • Adopted by the UK Government
  • Adopted by the EU in ETSI EN 303 645
  • Supported by US Cybersecurity Improvement Act

13 Best Practices in Practice

The Preconfigured Security Context included with Compliance Suite targets a broad set of the Best Practice requirements.

A Preconfigured Security Context defines the configuration of a trusted execution environment. It includes all the necessary security and encryption settings for protecting an application against security threats such as IP theft, malware injection, illegal access, copying or counterfeiting. This innovative technology ensures that you remain in control of your application, today and into the future.

Included in Compliance Suite


Compliance Suite for STM32 is specifically designed for applications based on the STM32 family of MCUs from STMicrolelectronics. To use it, you need a license of IAR Embedded Workbench for Arm.

  • Preconfigured Security Context – Ensuring all necessary security and encryption are automatically included in your application
  • Secure Boot Manager – Securing the overall boot process to protect the device
  • C-Trust – Extension to IAR Embedded Workbench for Arm enabling secure, encrypted code
  • C-STAT – Static code analysis tool ensuring code quality

Supported devices: STM32F405, STM32F407, STM32F412, STM32F429, STM32F777, STM32L475, STM32L4R, STM32L4S5, STM32L5, STM32H725, STM32H735, STM32H743, STM32H753, STM32H7A3, STM32H7B3, STM32WB55

Practical Guidance

Unique package of courses with hands-on guides led by Secure Thingz’ in-house security experts. Topics include:

  • Introduction to Embedded Security
  • Security Development Workflow
  • Legislation and Compliance Requirements
  • Meeting the IoT Security Foundation Compliance Framework

Practical Guidance Included

Unique package of courses with hands-on guides led by Secure Thingz’ in-house security experts. The package includes a full day of training, divided in different parts based on topic.

Introduction to Security

  • Introduction to Embedded Security
  • Guiding principals and outcomes – Threats, Analysis and Requirements
  • Fundamentals of Security – PKI, Identity, Device Management and Cryptography

Legislation and Compliance Requirements

  • Legislation and Standards Update
  • Introduction to IoT Cybersecurity Improvement Act
  • Introduction to European Standard EN 303645
  • 13 Best Practices & Requirements
  • Alternative regulations
  • Vulnerability Disclosure

Meeting the IoT Security Foundation Compliance Framework

  • Mapping C-Trust implementations to the Compliance Framework
  • Compliance Classes
  • Business Processes
  • Device Hardware and Software Requirements
  • Authentication, Authorization and Privacy
  • Secure Supply Chain Production
  • Configuration Considerations
  • Device Ownership and Transfer

Secure Development Workflow

  • Introduction to the Secure Development Workflow
  • Introduction to C-Trust
  • Security Context Overview
  • Application Development
  • Leveraging Preconfigured Security Contexts
  • Lifecycle Management