Compliance Wizard
Summary
With ONEKEY's Compliance Wizard, you can easily check whether your firmware complies with a cybersecurity guideline. The tool guides you through each provision and points out gaps or potential violations. You can create a compliance bundle that contains all the details you can find on the platform, including the uploaded supporting materials.
Available cybersecurity guidelines
- BITAG: Internet of Things (IoT) Security and Privacy Recommendations
- CSA.GOV.SG: Cybersecurity Labelling Scheme 1.1
- ENISA: Baseline Security Recommendations for IoT
- EU: Cyber Resilience Act
- ETSI EN 303 645: Cyber Security for Consumer Internet of Things: Baseline Requirements
- GOV.UK: Code of Practice for consumer IoT security
- IEC 62443-4-2: Technical security requirements for IACS components
- IOTSF: IoT Security Assurance Framework
- ioXt: 2020 Base Profile 2021 (2.0)
- LEGINFO CA GOV: SB-327 Information privacy: connected devices
- NIST IR 8259A: IoT Device Cybersecurity Capability Core Baseline
- OWASP: TOP 10 INTERNET OF THINGS 2018
- UK: Product Security and Telecommunications Infrastructure Act 2022
- UN: Regulation No. 155
Firmware compliance
To see compliance violations for a particular firmware:
- Select it on your dashboard.
- Click on Compliance in the Firmware analysis view.
- Select a guideline with the dropdown menu.

To see the published guideline, click on the Go to page button.
Accept/decline suggestions
Once you have selected a guideline, you can go through each provision one-by-one and either accept or override ONEKEY’s decision regarding any violations.
Warning
ONEKEY detects security standard violations based only on the information available in the firmware, so a manual check is recommended.
Provisions are listed in detail at the bottom, but are also represented by colored squares in the Requirements section. At first, each provision will be under the Not Filled category.
- Red square: Violated
- Green square: Not violated
- Blue square: Manual check required
- Grey square: Not applicable
Click on a provision to bring up the Compliance Wizard. Here you can either accept the automatic assessment, by clicking on the Apply suggestion button, or make your own claim.
To do so, select an option from the Claim dropdown and click Save. Here you can also enter an optional argument supporting the claim.

Use the left sidebar or the Previous/Next buttons to jump to another provision.
Success
Click on the Supporting materials button to see the CVEs and issues that led to the ‘Violated’ decision.
You can reposition the popup with the button.
Click on the Exit button in the bottom-left corner to close the Compliance Wizard.
Filled provisions are displayed under the Up to Date category of the Requirements section.
If a new analysis of the firmware is performed (either triggered manually or automatically by the monitoring function) or you change the status of an issue/CVE that contributed to a compliance violation, the affected provisions will be moved to either Outdated Same or Outdated changed depending on whether the platform's suggestion has changed.
Upload supporting materials
Some guidelines may require you to upload additional materials. To do so, click on the View button in the Product Info section and select Upload supporting files.
Info
All supporting materials are included in a compliance bundle.
Downloads
Generate a compliance bundle
Click the Generate bundle button to create a zip file that includes all the information available on the platform. Once it's ready, you can download the file by clicking Download latest bundle. You can check all the bundles you have created for a specific firmware on the Compliance Bundle History page in Firmware analysis view.
Export compliance items
You can export only the compliance items (in CSV or JSON format) by clicking the Export Compliance Items button.
Details included in the export
- Guideline Title
- Section Title
- Title
- Requirement
- Problem Background
- Solution
- Type (ONEKEY's assessment)
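To work through an exported CSV offline, the following added example (not ONEKEY's code) builds a review queue of provisions that are violated or need a manual check, and reports rows whose assessment it does not recognise instead of counting them as passing. It assumes the CSV column headers match the field names listed above with the last column named Type, and that Type values match the four states in the Requirements legend; the sample rows are constructed.

```python
import csv
import io
from collections import Counter, defaultdict

# Assumption: column headers equal the field names listed above; last one is "Type".
REQUIRED = {"Guideline Title", "Section Title", "Title", "Type"}
# Assumption: Type values equal the four states of the Requirements legend.
KNOWN_TYPES = {"Violated", "Not violated", "Manual check required", "Not applicable"}
NEEDS_REVIEW = {"Violated", "Manual check required"}

# Constructed sample export (not real platform output).
SAMPLE_CSV = """Guideline Title,Section Title,Title,Requirement,Problem Background,Solution,Type
Example Guideline A,Passwords,Provision 1,No universal default passwords,Shared defaults get reused,Per-device credentials,Violated
Example Guideline A,Updates,Provision 2,Software is securely updateable,Unpatched flaws persist,Signed update mechanism,Manual check required
Example Guideline A,Storage,Provision 3,Sensitive parameters stored securely,Keys readable in image,Use secure storage,Not violated
Example Guideline B,Interfaces,Provision 4,Debug ports disabled,Exposed debug access,Disable in production,not filled
"""

def triage(csv_text):
    """Return (counts per guideline, review queue, rows with unexpected Type)."""
    counts = defaultdict(Counter)
    queue, unexpected = [], []
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = REQUIRED - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"export is missing expected columns: {sorted(missing)}")
    for row in reader:
        guideline, title = row["Guideline Title"].strip(), row["Title"].strip()
        status = row["Type"].strip()
        if status not in KNOWN_TYPES:
            # Never count an unknown state as passing; surface it for a human.
            unexpected.append((reader.line_num, title, status))
            continue
        counts[guideline][status] += 1
        if status in NEEDS_REVIEW:
            queue.append((guideline, row["Section Title"].strip(), title, status))
    # Violations first, then manual checks; order within each group is kept.
    queue.sort(key=lambda item: item[3] != "Violated")
    return counts, queue, unexpected

if __name__ == "__main__":
    counts, queue, unexpected = triage(SAMPLE_CSV)
    for guideline, tally in counts.items():
        print(guideline, dict(tally))
    for item in queue:
        print("REVIEW:", " / ".join(item))
    for line_no, title, status in unexpected:
        print(f"line {line_no}: {title!r} has unrecognised Type {status!r}")
```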
Global Compliance tab
Click on the Compliance tab in the top menu bar to get an overview of security guideline violations found in all your uploaded firmware. Use the Select Guideline dropdown on the right-hand side to select a policy.
Click on a provision to enter the Compliance Wizard.
Info
Note that the provisions listed on the left only apply to one firmware. The name of the firmware can be found in the Firmware column on the Global compliance page.