The framework for securing a trillion devices

The Platform Security Architecture (PSA) makes it quicker, easier and cheaper to design security into a device from the ground up. Built on industry best practices, it outlines common standards for security.

The Platform Security Architecture (PSA) is made up of four key stages: analyze, architect, implement, and certify. It offers:

  • A holistic set of resources. 
  • A contribution to the entire IoT ecosystem, from chip designers and device developers to cloud and network infrastructure providers and software vendors.
  • Common guidelines and a more economical approach to building secure devices.

Find out more about the four stages of PSA in our overview white paper.

If you know the technical resources you are looking for, click on one of the following icons to jump straight to the right section:

Analyze the security risks that threaten your device and determine the necessary security requirements and counter-measures to mitigate those risks.

Build-in the correct set of security requirements needed to protect your device from malicious attacks, using architecture-agnostic specifications.

Implement security requirements with a compliant reference trusted code base, allowing quick and easy porting to modern chips and platforms.

Use PSA Certified - an independent security evaluation scheme - to check the robustness of your device and assure it has the required level of security.


The analyze stage offers a set of freely available example Threat Models and Security Analyses (TMSA) for three common IoT use cases. The goal of this stage is to analyze the threats that have the potential to compromise your device and generate a set of security requirements, based on the risks.

Asset tracking application icon

Asset TrackerTMSA

Download analysis
Water smart meter application icon

Smart Water Meter TMSA

Download analysis
Webcam application icon

Network Camera TMSA

Download analysis


The architect stage contains a set of freely available hardware and firmware specifications that allow you to design-in the necessary security requirements for your device. These specifications include the PSA Security Model (PSA-SM), Trusted Base System Architecture for M-Profile (TBSA-M), PSA Firmware Framework (PSA-FF), and the Trusted Boot Firmware Update (TBFU). The PSA Security Model provides important terminology and methodology for PSA and informs the use of the other PSA specifications.

Security Model (PSA-SM)

Top-level requirements for secure design of all devices, outlining the key goals for designing devices with known security properties. We recommend security leads to read this document first.

Download PSA-SM

Firmware Framework(PSA-FF)

Specification for a standard programming environment and fundamental Root of Trust (RoT) for secure applications on an IoT device.

Download PSA-FF

Trusted Boot and Firmware Update (PSA-TBFU)

System and firmware technical requirements for firmware boot and update.

Download PSA-TBFU

Trusted Base System Architecture for M (TBSA-M)

Specifications for hardware requirements for Armv8-M devices, including best practice recommendations for Armv6-M and Armv7-M devices.

Download TBSA-M


The implement stage provides an open source firmware reference implementation, APIs and an API test suite. Trusted Firmware-M is a reference implementation of secure world software. It provides SoC developers and OEMs with a reference trusted code base that complies with the PSA specifications.

Additionally, there are three sets of PSA APIs that ensure application interoperability across different hardware implementations of the device Root of Trust. These include the PSA Developer APIs for RTOS and software developers, PSA Firmware Framework APIs for security specialists, and TBSA APIs for silicon manufacturers.

Trusted Firmware-M (TF-M)

Trusted Firmware-M is an open source reference implementation firmware. TF-M is the preferred implementation of PSA specifications, allowing quick and easy porting to modern chips and platforms.

Platform Security Architecture Certified logo


The certify stage, known as PSA Certified, is an independent evaluation and certification scheme, developed by Arm and its security partners. The scheme is split into two key areas: PSA Functional API Certification and PSA Certified.

PSA Functional API Certification checks that software uses PSA interfaces correctly, through an API test suite. 

PSA Certified consists of three progressive levels of assurance and robustness testing, enabling device makers to choose solutions appropriate to their use case.

Visit PSA

Smart door lock application guide

The PSA smart door lock application guide walks through a real-life IoT use case, designed to PSA specifications. It offers a step-by-step guide of how to use the four stages of PSA to design a more secure IoT device.

Download now

Arm support

Arm training courses are available to help you realize maximum performance with lowest risk and fast time-to-market. Find out more about our specific training courses for Threat Modelling and security IP.

Arm training courses  Open a support case