About us

About BharatFIRST

About us

About BharatFIRST

BharatFIRST is a security assurance framework for all kinds of IoT devices and applications. The framework offers a comprehensive mechanism to ensure that security assurance can be assessed by third-party agencies based on self-declaration and security assessment/certification given by federated agencies for different parts of the IoT devices/applications. The end-customer or end-user, before procurement, may directly check the assessed security assurance level of the registered products at BharatFIRST portal, its authentic certificate and get assured of the suitability of the IoT products for its intended purpose in a particular domain.

BharatFIRST provides a certification process after an independent evaluation, ensuring compliance with national/international security standards. The certification can be checked by customers through the portal to confirm that a device meets the necessary requirement of the claimed security assurance level.

BharatFIRST security assurance portal may be used by original equipment manufacturers (OEMs), Resellers. Application Developer, System Integrator and end-users.

BharatFIRST is the joint research initiative of CSIR-CMERI Durgapur, Bevywise LLP and TIH-IoT IIT Mumbai.

Key Gains

Benefit of Security Certification?

By utilizing our product, you gain a host of benefits that empower you to maximize your sales potential, streamline your processes, and enhance customer satisfaction, ultimately driving your business towards greater success.

...
Consumer Confidence

Certified devices demonstrate compliance with security standards, assuring customers that the product is secure and reliable.

...
Market Reputation

Companies that obtain security certifications can showcase their commitment to cybersecurity, building trust with consumers, partners, and regulators.

...
Legal and Regulatory Requirements

Security certifications often help businesses comply with government and industry regulations, such as data protection laws or industry-specific security mandates.

...
Faster Market Access

With certification, products may more easily meet regulatory requirements in different regions, reducing delays in entering new markets.

...
Differentiation in the Market

Certified products stand out from competitors that lack security validation. This helps companies position their products as safer options, especially in security-conscious industries.

...
Faster Product Adoption

Customers, particularly in sensitive sectors, may prefer certified products, leading to faster adoption and stronger market traction.

...
Stronger Protection

Certified IoT devices are less prone to vulnerabilities, reducing the risk of hacking, data breaches, and other cyber threats.

...
Transparency

With certifications like BharatFIRST, consumers can easily check the third-party assessed security assurance level of IoT products, allowing them to make more informed decisions based on the product’s security level.

Getting Accredited

Certification Process

Explore the detailed steps and requirements involved in obtaining your certification, ensuring you have all the necessary
information to successfully navigate the certification journey.

Sign-Up on BharatFIRST Portal

Companies must register on the BharatFIRST portal, providing basic information including the GST number for automatic organizational detail verification.

Device Details

After registration, the company must provide information about the IoT device or application for certification.

Comprehensive Questionnaire

Next, complete a detailed security questionnaire and upload supporting documents regarding the product’s security features & compliance with the necessary security assurance classes.

Downloadable PDF

A PDF version of the questionnaire is available for review prior to submission to help manufacturers and resellers prepare required information.

Upload Required Documentation

The company must upload essential technical documents, including architecture, security features, firmware, and testing certificates that meet applicable standards.

Third-Party Assessment

BharatFIRST partners with federated agencies and third-party evaluators for independent assessments of features related to security assurance class requirements.

Security Audit

During this stage, an in-depth audit of the claims and submitted documents is performed to validate the security claims.

Certification Outcome

After evaluation, the product receives a security assurance class level certificate with a QR code for live verification of its security compliance.

Public Display of Certification

The security assurance level is displayed on the BharatFIRST portal, allowing users to verify the certified device's security status.

Qualification Stages

The Level of certification

BharatFirst has adopted the security assurance class levels recommended by the IoT Security Foundation. It assigns one of the five security assurance class levels to each submitted IoT product. The levels, ranging from 0 to 4, represent progressively stricter security criteria. Each level is described further in the following sections. Understanding these tiers enables one to assess the extent of security assurance required for an IoT product's use in a specific domain.

Compliance Class Security Objective
Confidentiality Integrity Availablity
Class 0 Basic Basic Basic
Class 1 Basic Medium Medium
Class 2 Medium Medium High
Class 3 High Medium High
Class 4 High High High

Class 0: Basic Security

  • Confidentiality, Integrity, Availability (CIA): Basic
  • Description: This is the lowest security level for IoT devices processing public information, where breaches result in minimal impact.
Class 1: Limited Security
  • Confidentiality: Basic
  • Integrity: Medium
  • Availability: Medium
  • Description: This class offers moderate security for devices where compromises may lead to limited impacts, aiming to protect against basic attacks on integrity and availability.
Class 2: Moderate Security
  • Confidentiality: Medium
  • Integrity: Medium
  • Availability: High
  • Description: Devices in this class require enhanced security to ensure availability, as compromises could disrupt critical infrastructure but may not involve sensitive data.
Class 3: Sensitive Security
  • Confidentiality: High
  • Integrity: Medium
  • Availability: High
  • Description: This class is for devices handling sensitive data, where breaches could lead to privacy violations, operational disruptions, or financial losses.
Class 4: Critical Security
  • Confidentiality, Integrity, Availability (CIA): High
  • Description: The highest security class for devices where breaches can have severe consequences, requiring maximum protection of confidentiality, integrity, and availability.

Essential References

Resources

This section provides a comprehensive collection of the key references and trusted sources that were instrumental in shaping and guiding the development of the content presented on this page.

E-books

IoTSF IoT Security Assurance Framework Release 3.0 Nov 2021 (iotsecurityfoundation.org)

Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks (nist.gov)

Presentations

PowerPoint Presentation (nist.gov)

Research Papers/Reports

IoT Standardisation in BIS (Mr. Manikandan K)

BIS Standards Formulation Document

IoT Security (Sachin)

Initiate Account Setup

An Initiative of CMERI ,TIH
and Bevywise

Begin your journey with us today by filling out the form below, and gain immediate access to a wide range of personalized features and valuable resources designed to enhance your experience and support your needs!

Sign In

The username or password incorrect

Forgot Password

Don't have an account ? Sign Up.

OR

Create an account

Hurray! Your have successfully entered the captcha.

Already have an account ? Sign in.

Contact Us

We're just a message away! Drop us a line, and let’s start a conversation that drives your success.