JC-Star, JC star, IPA

[Japan Cybersecurity] Japan Launches JC-STAR IoT Security Rating System, and THE ONE Provides Full Support.

/in

JC-STAR IoT Security Rating System

The Japan Information-technology Promotion Agency (IPA) has recently introduced the JC-STAR (Japan Cyber-Security Technical Assessment Requirements), a security rating system for IoT devices. This initiative aims to enhance the security of IoT products while providing consumers with clear and reliable information about product safety. The system aligns with international standards such as ETSI EN 303 645 and NISTIR 8425, establishing a unique evaluation framework for IoT security in Japan.

Overview of the JC-STAR System

The JC-STAR system is based on technical security requirements designed to evaluate and label IoT products that meet safety standards. The system categorizes products by different security levels and uses labeling to provide consumers with a clear understanding of a product’s security level.

Currently, the entry-level “★1” rating has been introduced, setting a foundational security standard broadly applicable to various IoT devices. This ensures that these devices possess minimum defensive capabilities to resist common cyberattacks.

Key highlights of the “★1” rating include:

  • Preventing IoT devices from being infected with malware and becoming part of botnets.
  • Defending against remote attacks from the internet.
  • Requiring clear policies for addressing and supporting vulnerabilities or defects.
  • Ensuring the proper deletion of data generated during device operation when it is disposed of or resold.

Applicable Products

The “★1” rating primarily applies to IoT devices that meet all the following criteria:

  1. Products include hardware, with the label affixed to the device. Software or cloud services alone are not included.
  2. Devices must have the capability to send and receive data using internet protocols (IP).
  3. Devices may connect to the internet, directly or indirectly.
  4. Devices are difficult or impossible to add new security features post-purchase (beyond updates).

Examples of devices not typically covered by the “★1” rating include personal computers, smartphones, and tablets, as they do not meet the fourth criterion. Additionally, devices physically or logically isolated from the internet are also excluded.

Application Requirements and Process

The “★1” rating evaluation follows a self-declaration model, where manufacturers are responsible for assessing their products’ compliance with the security standards. The application process includes the following steps:

  1. Prepare Supporting Documents:
    While proof of compliance is not required during application submission, supporting documents such as technical files, internal reports, and regulations must be prepared for the evaluation process.
  2. Complete the “Suitability Evaluation Checklist”:
    Using the prepared documentation, carefully complete the checklist to ensure accurate evaluation results for each item.
  3. Submit the Checklist:
    Once completed, submit the checklist to complete the application.
  4. IPA Review:
    IPA will review the submitted checklist upon receipt.
  5. Possible Submission of Supporting Documents:
    During the validity period of the rating or if IPA raises questions regarding the application, manufacturers may be required to provide supporting documents for review.

Manufacturers can opt to work with external agencies (e.g., JC-STAR evaluation or verification agencies) to assist in the evaluation and checklist completion. Additionally, even under a Non-Disclosure Agreement (NDA), IPA reserves the right to request supporting documents. Manufacturers must ensure the accuracy and authenticity of their submissions and actively cooperate with IPA’s review requirements.

THE ONE’s ★1 Services

THE ONE offers comprehensive support for your “★1” rating application, including:

  • Assisting with documentation preparation.
  • Conducting product evaluations.
  • Performing necessary testing to provide evidence for evaluation.
  • Submitting applications on your behalf.

For any inquiries or service requests, feel free to contact us.

Email: Charles.liao@theonelab.co
Phone: 02-8601-2828