Security Regulations Compliance

Torizon can lower the effort and cost to comply and keep your focus on the unique value of your products and not on the effort to clear checkboxes in security requirement guidelines.

EU Cyber Resilience Act

The newly proposed EU Cyber Resilience Act is highly relevant for the Industrial Internet of Things (IIoT), Industrial Automation & Control Systems, and general-purpose microprocessors. It is driven by the enormous cost caused by cybercrime, estimated at EUR 5.5 trillion in 2021. The EU understands that this is caused by low cybersecurity standards in HW and SW and the inability of users to choose products with adequate security due to missing transparency. The penalties for non-compliance are up to €15 million or 2.5 percent of their global annual turnover.

Some of the Requirements for the Cyber Resilience Act

  • Communication about vulnerabilities
  • No delay in patching the vulnerabilities
  • Secure-by-default configuration
  • Cybersecurity risk assessment
  • Software Bill of Material (SBOM) requirements

Torizon can simplify compliance with the upcoming Cyber Resilience Act

Learn More Talk to us
Simplify Development and Cybersecurity Compliance with Texas Instruments Family of MPUs
Register Now!
The Cyber Resilience Act is here
Learn more
Getting Ready for the EU Cyber Resilience Act with Security Hardening of U-Boot
Learn more
Get a head start on EU Cyber Resilience Act compliance with Embedded Linux
Watch now
Are you really ready for the new EU Cyber Resilience Act
Watch now

FDA- Software Updates are now expected

For a long time vendors of medical devices have tried to avoid changes to the HW or SW product to avoid needing recertification and a submission of 510(k). However, the requirements are changing. Now, companies are required to keep the software up to date and provide secure update functionality. Changes improving the cybersecurity of the device means it does not require a 510(k).

Learn More

From the new Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions Draft Guidance for Industry and Food and Drug Administration Staff

On Software Updates

  • Anticipate the need for software patches
  • Consider the update process's reliability in the event of communication interruption or failure
  • Implement processes for rapid verification, validation, and distribution of patches and updates

FDA Tips for Clinicians - Keeping Your Patients’ Connected Medical Devices Safe

Watch now
FDA- Software Updates

When to Submit a New 510(k) For a Software Change to an Existing Device.


Whitepaper

Cybersecurity in Medical | Healthcare Devices - Evolving Regulations

VDC Research: Security | Medical Whitepaper

How Torizon Helps

Reliable Updates Process

Torizon offers out-of-the-box, over-the-air, or physical offline updates via a USB stick or SD Card. Several layers of validation and fallback systems ensure your devices keep working at all times.

Proven Security Framework

Torizon utilizes the Uptane Framework, which is designed to be resilient even to the best efforts of nation-state attackers. Many larger Automotive OEMs use Uptane. Uptane is now a Linux Foundation Joint Development Foundation project.

Frequent OS Updates

Torizon offers frequent validated updates of its Embedded Linux Torizon OS (formerly TorizonCore). Software life cycles are optimized for the needs of medical and industrial devices.

Rapid development, testing and deployment

Torizon Tools and integrations lower the time to develop, test and deploy a patch. CI/CD integration can improve your DevOps DORA Metrics, such as Change Failure Rate and Lead Time for Changes.

Integration with Secure Boot

Guarantee the authenticity and integrity of your product’s software. Torizon works well with HW-based security features, and enables you to comply with regulations and have more secure products.

Security Advisor Tool

Try our Torizon Security advisory tool to get tips on improving your device's security. The tool is hosted on Toradex experimental Labs pages

Software Bill of Materials (SBOM)

You want to know exactly what goes into your software. We publish this information, together with CVE reports, on every TorizonCore build, readily available.

Defense in Depth

Torizon security concept is built around Defense in Depth. Several layers of protection are used, including two-factor authentication, mutual TLS, unique x.509 certificates on every device, offline keys, and role-based permissions, among others..

Videos

Secure Boot
Aug 1, 2024

Out-Of-The-Box Secure Boot and Support with Torizon

Torizon now supports Raspberry Pi, generic x86, RISC-V, and many other platforms, providing more flexibility and options for developers! Discover how Torizon is leading the way with secure boot support on the Texas Instruments AM62 System on Module and what's next on the roadmap for enhanced security features.

Sergio Prado,

Trainer and Consultant, Founder of Embedded Labworks

Cybersecurity
Jul 23, 2024

Cybersecurity Compliance with Savoir-faire Linux and Torizon

Discover how Savoir-faire Linux is leveraging Torizon to facilitate secure boot, manage software vulnerabilities, and support a comprehensive Software Bill Of Materials (SBOM) to enhance security from the ground up for customers.

Jérôme Oufella,

VP of Technology, Savoir-faire Linux

Èloi Bail,

Director of Operations, Savoir-faire Linux


IoT Security Blog Series

Learn from our expert Jon, why remote updates are crucial for the security of connected IoT devices. At the same time, Jon will also explain why a remote update feature can be a serious security risk and how hard it is to get it right. In the last part, you discover with Jon common issues Over-the-air Update systems.
IoT Security
March 16, 2022

IoT Security Blog Series Part 3
Software update security: Common mistakes

This is part 3 of our 7-part series about over-the-air software updates. In part 1, we told you about all the reasons it’s important to be able to deliver software updates remotely, and in part 2 we wrote about all the reasons software update systems are dangerous. Today, we’re looking at ways to protect your software update system that might seem secure at first glance, but aren't—with famous real-world failures for each example.

Jon Oster

Platform Development Lead, Toradex

IoT Security
February 10, 2022

IoT Security Blog Series Part 2:
The dangers of remote updates

This is part 2 of our 7-part series about over-the-air software updates. In part 1, we told you about all the reasons it’s important to be able to deliver software updates remotely - in today’s world, you can’t keep any connected device secure unless you can update it. Today’s post, though, goes in the opposite direction: we’re going to look at why software update systems can be incredibly dangerous, and why you should treat them with skepticism and caution.

Jon Oster

Platform Development Lead, Toradex

IoT Security
January 18, 2022

IoT Security Blog Series Part 1:
Why do we need remote updates for connected devices?

With the explosion of internet-connected devices in recent years, there has been an industry-wide realization of the need to keep these devices updated throughout their lifetime. This is the first part of a series that will explore the concept of remote over-the-air (OTA) updates, providing designers details they will need when implementing remote OTA update solutions into their systems. We will especially focus on the important security aspects. We’ll start with the basics.

Jon Oster

Platform Development Lead, Toradex


On-Demand Webinars

Secure Boot
January 22, 2025

Safeguard your Embedded Linux devices with Secure Boot

In this webinar, we will explain what Secure Boot is, why it’s needed, and how it’s implemented. We also present a live demo, illustrating how Toradex makes it easy to enable Secure Boot using the Yocto-based Linux Torizon OS.

Safeguard your Embedded Linux devices with Secure Boot
Drew Moseley

Drew Moseley,

Technical Solutions Architect, Toradex

Stefano Viola

Stefano Viola,

Torizon Group Engineering Manager and Software Architect, Toradex

Security
September 29, 2022

Enhanced Cybersecurity and FIPS 140-2 Compliance using NXP® i.MX 8X

The road to cybersecurity compliance for regulated applications in the utilities, medical, and defense industries can be difficult. Achieving the required certifications can significantly increase timelines for development time/cost which can significantly delay a product launch.

Dr. Hal Aldridge,

CEO, Secmation

Talk to us about FIPS 140-2/3

Get Started

My team owns

Torizon is fully integrated with Toradex Hardware

Torizon OS runs on most of our newer modules! Leverage a fully integrated stack and start developing today.

Integrating Torizon is easier than you think!

Torizon OS is fully Open Source! We provide references on how to integrate it with your own hardware. Do it yourself or with our partners!

We have everything you need to get started!

To kick-start your evaluation, choose from these Starter Kits to profit from the tight software-hardware integration.

Get in Touch With Us

Want to know more about Torizon?

?Have a Question ?
Toradex Community
Contact Us
Call us in Seattle
+1 (800) 871-6550