Cybersecurity Solutions

As digital footprints expand, compliance and resilience are no longer optional; they are market entry requirements. CNLABS provides the technical depth needed to secure next-gen infrastructure and validate products against global regulatory standards.

We move beyond simple "check-box" security, offering deep-dive validation that builds market trust and accelerates your deployment timeline.

Industry-Recognized Certifications

  • EU RED: European Union Radio Equipment Directive certification. Cybersecurity compliance under Article 3(3)(d), (e), and (f) for radio-enabled products
  • CRA (EU): Cyber Resilience Act. European regulation for cybersecurity of digital products
  • BIS Certification (India): Mandatory CRS Registration for CCTV Cameras & Recorders. Compliance with IS 13252 (Part 1) standards for Indian market entry
  • ITSAR (India): Indian Telecom Security Assurance Requirements. Security assurance standards for telecom equipment & infrastructure
  • FIPS 140-3: Federal Information Processing Standard for cryptographic modules. Hardware and software security validation
  • Common Criteria (CC): International standard for computer security certification. EAL1–EAL7 evaluation assurance levels
  • MUD-CCF: Manufacturer Usage Description – Certification & Conformance Framework. Standardized testing and certification framework for validating IoT device compliance with the IETF MUD specification
  • ETSI EN 303 645: Cybersecurity Standard for Consumer Internet of Things (IoT) Devices. European telecommunications standard defining baseline security requirements for connected consumer products

Comprehensive Security Services

Security Services

Uncover exploitable vulnerabilities before attackers do. We conduct VAPT and Red/Blue Team exercises to harden your defenses.

Independent Validation

Confirm that your solutions meet the rigorous demands of regulators through NIST-standard testing lab methodologies.

Lifecycle Integration

Security and compliance are continuous responsibilities, not one-time activities, and require sustained alignment with evolving regulatory requirements.

Custom Programs

Specialized testing for unique technology stacks including IoT, Cloud Edge, and Automotive networking risk frameworks.

EU RED

Under Commission Delegated Regulation (EU) 2022/30, cybersecurity requirements under Article 3(3)(d), (e), and (f) of the EU Radio Equipment Directive became mandatory from 1 August 2025.

Compliance with these requirements is supported through the harmonised EN 18031 standards:

  • EN 18031-1 → Article 3(3)(d)
  • EN 18031-2 → Article 3(3)(e)
  • EN 18031-3 → Article 3(3)(f)

All radio equipment placed on the EU market must now comply with these requirements.

Key Cybersecurity Objectives Under EU RED Article 3(3)(d), (e), and (f)

Network protection (Article 3(3)(d))

Requirements to ensure radio equipment does not harm network operations or misuse network resources.

Protection of personal data and privacy (Article 3(3)(e))

Requirements to safeguard personal data and communications through built-in security measures.

Fraud prevention (Article 3(3)(f))

Requirements to reduce fraud risks in equipment involved in financial or sensitive transactions through appropriate security controls.

Why CNLABS for EU RED Cybersecurity Compliance?

  • ISO/IEC 17025:2017 accredited testing recognized under the ILAC Mutual Recognition Arrangement (MRA) for the EN 18031 series and ETSI EN 303 645 standards
  • Prepares products for EU RED Article 3(3) cybersecurity readiness before formal conformity assessment
  • Performs EN 18031 pre-compliance gap analysis and testing
  • Identifies the applicable EN 18031 standard(s) for each product
  • Supports technical documentation and evidence for CE marking and notified-body review
  • Assesses product cybersecurity risks and compliance impact of updates
  • Supports testing across all radio-enabled devices — consumer, industrial, network, payment, and privacy-sensitive products

CRA (EU)

The EU Cyber Resilience Act introduces mandatory cybersecurity requirements for all products with digital elements placed on the EU market. It applies across connected devices, embedded software, applications, and systems, covering the full product lifecycle.

Core CRA Cybersecurity Requirements

  • Secure-by-design and secure default configurations
  • Continuous vulnerability management and patching
  • Security updates throughout the supported product lifetime
  • Mandatory vulnerability monitoring and incident reporting
  • Software Bill of Materials (SBOM) for transparency

Key CRA Compliance Timeline

  • December 2024 - Regulation in force
  • September 2026 - Vulnerability reporting obligations
  • December 2027 - Full product compliance required

Why CNLABS for CRA Compliance?

  • Performs CRA pre-compliance readiness and gap analysis against regulatory cybersecurity requirements
  • Assesses secure-by-design and secure-by-default controls as required by the CRA
  • Evaluates vulnerability handling, patching, and update processes across the product lifecycle
  • Supports SBOM review and documentation to meet CRA transparency obligations
  • Assists with compliance evidence and technical documentation for market surveillance authorities
  • Provides security testing across IT, IoT and OT products

BIS Certification (India)

The Bureau of Indian Standards (BIS) introduced Essential Security Requirements (ER-01:2024 / IS 99999:2024) to strengthen cybersecurity and trust in CCTV cameras and recorders manufactured, imported, or sold in India. The framework enforces security controls across hardware, firmware, communications, and the product development lifecycle.

Core Security Pillars Under BIS CCTV ER-01:2024

Hardware Level Security Controls

Requirements addressing physical interface protection, secure boot mechanisms, device-unique credentials, and secure storage of sensitive material.

Software and Firmware Security Controls

Requirements covering secure coding practices, memory protection, encrypted communication, and authenticated firmware updates.

Secure Communication and Supply Chain Controls

Requirements related to protected network communication, protocol transparency, and verification of trusted component sourcing.

Security in Product Development and Manufacturing

Requirements ensuring documented hardware architecture, malware checks, and controlled manufacturing and supply chain security processes.

Why CNLABS for BIS CCTV Compliance?

  • First BIS-recognized private laboratory for CCTV security testing under IS 99999:2024
  • Conducts structured pre-compliance gap assessments across hardware, firmware, and security controls
  • Delivers evidence-based technical findings with clear remediation guidance
  • Prioritizes certification-blocking issues versus improvement areas
  • Validates fixes through focused re-testing before formal certification
  • Prepares OEMs to approach government labs for final compliance with first-attempt success

ITSAR (India)

The Indian Telecom Security Assurance Requirements (ITSAR) is a mandatory cybersecurity certification framework issued by the Department of Telecommunications for telecom equipment deployed in licensed networks in India.

The program is implemented through the National Centre for Communication Security (NCCS) and applies to a wide range of network and access infrastructure used by telecom service providers.

Products covered under notified ITSAR categories must meet defined security requirements before they can be deployed in Indian telecom networks.

Typical ITSAR Product Scope Includes

  • Firewalls and security gateways
  • IP routers and switching equipment
  • Wi-Fi CPE and broadband access devices
  • Optical access equipment such as OLT and ONT
  • Telecom network elements and management systems

Why CNLABS for ITSAR Readiness?

  • Performs ITSAR pre-compliance security testing and gap analysis
  • Identifies deviations across firmware, software, and processes
  • Provides evidence-based findings and remediation guidance
  • Issues detailed ITSAR pre-compliance test reports with security findings
  • Helps OEMs achieve first-time success in formal certification testing

FIPS 140-3

The Federal Information Processing Standards (FIPS) are a set of standards for information processing systems that all U.S. federal agencies, contractors, and vendors must adhere to.

Among the many standards available as part of FIPS, FIPS 140-3 specifies the security requirements for cryptographic modules. The standards are developed and maintained by NIST.

FIPS 140-3 maps to ISO/IEC 19790 as the standard and ISO/IEC 24759 as the test specification.

NVLAP & CMVP

  • The National Voluntary Laboratory Accreditation Program (NVLAP) provides third-party accreditation to testing and calibration laboratories.
  • NVLAP-accredited laboratories are assessed against the management and technical requirements published in the International Standard, ISO/IEC 17025:2017.
  • The Cryptographic Module Validation Program (CMVP) was established by NIST and the Canadian Centre for Cyber Security (CCCS) to oversee the testing results of cryptographic modules produced by accredited third-party laboratories.
  • As per FIPS 140-3, a cryptographic module is a set of hardware, software, firmware, or a combination thereof that implements cryptographic functions and is contained within a defined cryptographic boundary.

FIPS 140-3 Testing Applicability

FIPS 140-3 tests and certifies the cryptographic module itself, not the entire product that uses it. The cryptographic module could be:

  • A standalone hardware device (like an HSM)
  • A software library (like the OpenSSL FIPS module)
  • A firmware component (like crypto firmware in a secure element)
  • Or a combination of the above

CNLABS is actively building its FIPS 140-3 readiness and validation capability to support vendors preparing for next-generation cryptographic compliance as regulatory and procurement requirements shift fully to the 140-3 framework.

Common Criteria (CC)

Common Criteria is an internationally recognized security evaluation framework for IT products, defined under ISO/IEC 15408 and ISO/IEC 18045. It validates security functionality, assurance, and resistance to attacks across products such as network devices, operating systems, cryptographic software, cloud platforms, and embedded systems, with certifications recognized globally through the Common Criteria Recognition Arrangement (CCRA).

Assurance Levels

  • EAL1–EAL2 – Basic structured testing
  • EAL3–EAL4 – Design review and vulnerability analysis
  • EAL5–EAL7 – High-assurance verification

European Transition

  • Common Criteria evolving into the EUCC scheme under the EU Cybersecurity Act
  • EALs mapped to unified EU assurance levels such as Substantial and High

CNLABS is actively building its Common Criteria readiness and evaluation support capability to assist vendors preparing for CC and upcoming EUCC certification requirements, focussing on strengthening structured security evaluation expertise, documentation alignment, and vulnerability assessment methodologies in line with ISO/IEC 15408 and evolving regulatory frameworks.

MUD-CCF

Manufacturer Usage Description (MUD), defined under IETF RFC 8520, enables IoT devices to declare their intended network communication behavior, allowing networks to automatically enforce least-privilege access policies.

The MUD Conformance Certification Framework (MUD-CCF), developed collaboratively by CNLABS and UNSW Sydney, provides a standardized testing and certification approach to verify IoT device compliance with the MUD specification through defined test requirements, structured methodologies, and an automated conformance test tool.

Core MUD-CCF Capabilities

  • Standardized MUD conformance test specification
  • Automated validation of MUD files and device behavior
  • Structured certification levels (Bronze, Silver, Gold)
  • Scalable testing for large IoT deployments

CNLABS and MUD-CCF

CNLABS is a co-developer of the MUD Conformance Certification Framework and provides the technical foundation for MUD compliance verification, including test specification development, automated conformance testing, and certification workflows to support secure-by-design IoT deployments.

ETSI EN 303 645

Developed by the European Telecommunications Standards Institute, ETSI EN 303 645 defines baseline cybersecurity requirements for consumer IoT products. It establishes mandatory security provisions covering authentication, software updates, data protection, secure communication, and vulnerability handling to improve the resilience of connected devices.

The Thirteen Pillars of IoT Security

ETSI EN 303 645 was designed to mitigate the most common attack vectors used against smart home devices. It outlines 13 provisions that serve as a practical checklist for cyber resilience.

  • No Universal Default Passwords
  • Vulnerability Disclosure Policy
  • Keep Software Updated
  • Secure Storage of Sensitive Data
  • Secure Communication
  • Minimize Exposed Attack Surfaces
  • Ensure Software Integrity
  • Ensure Personal Data is Secure
  • Make Systems Resilient to Outages
  • Examine System Telemetry Data
  • Easy Deletion of Personal Data
  • Easy Installation and Maintenance
  • Validate Input Data

Why CNLABS for ETSI EN 303 645?

  • ISO/IEC 17025:2017 accredited testing laboratory for ETSI EN 303 645
  • Delivers fully accredited test reports mapped to standard requirements
  • Supports IXIT preparation and validation prior to testing
  • Provides structured findings aligned with conformity assessment needs
  • Covers consumer IoT and connected product categories

Ready to Strengthen Your Security Posture?

Whether you need a full security assessment or certification guidance, our team is ready to help.