Solutions

Embedded systems, from refrigerators, thermostats, smart cars and medical devices to industrial systems, are increasingly becoming targets of data breaches and other cyber attacks. In response to the ever-growing cybersecurity threats, MVSecure services offer an end-to-end solution addressing security challenges in Linux embedded systems.

For more than 20 years, MontaVista has been a stalwart in providing long-term support and maintenance for Linux platforms, delivering CVE updates and bug fixes through our high-end quality assurance (QA) testing infrastructure. Our deep expertise in embedded Linux security and extensive experience with complex applications across industries is seamlessly integrated into MVSecure services to offer a proactive approach to hardening embedded system security.

MVSecure provides end-to-end cybersecurity consulting services designed to meet the unique needs of your projects, from security assessment to security implementation, system optimization and configuration. MVSecure provides a holistic evaluation of cybersecurity risks and controls as well as facilitates necessary enhancements to the overall system security.

Our expertise extends across the IoT security of production lines, medical networks, robotics and smart infrastructure applications. MVSecure services allow system developers to enable critical security features such as Secure boot, SELinux, Linux integrity management, ARM TrustZone, and TPM. MVSecure also addresses specific configuration standards, such as the Security Technical Implementation Guides (STIGs), the IoT Security Foundation Framework (IoTSF), and other domain-specific or internal security directives.

MVSecure offers streamlined consulting services for embedded developers seeking compliance with the latest system security certifications and regulations. Whether your cybersecurity needs are region-specific (e.g., US or EU), vary by applicability scope (international vs. national), or involve specific certification types (regulatory frameworks vs. industry benchmarks), MVSecure services provide comprehensive support across: 

• The EU Cyber Resilience Act (CRA)
• The EU Cybersecurity Act
• The US Executive Order on Cybersecurity
• Common Criteria (EAL levels)
• ISO (SIL levels)
• CIS Benchmarks

Market-specific regulatory requirements such as the FDA cybersecurity regulations for medical devices are also covered in MVSecure services. To support organizations in navigating the recent security regulations, we provide easy-to-apply compliance solution templates for the EU Cyber Resilience Act (CRA) and the US Executive Order on Cybersecurity.

Customers benefit from advanced features for software supply chain security at no extra costs. These include a trust scorecard for vetting and cybersecurity scanning as well as tools for generating and managing Software Bill Of Materials (SBOMs). CVE management is enhanced with OVAL-based descriptions to support Tenable Nessus, CIS-CAT, and OpenSCAP scanners. 

These capabilities enable customers to easily maintain transparency and compliance related to software component trustworthiness (e.g., risk assessment, vulnerability disclosure) in product development. Our efforts not only help organizations effectively address system vulnerabilities including CVEs and zero-day threats for NIST’s Zero Trust Architecture (ZTA), but also comply with regulatory frameworks like the EU CRA and the US Executive Order on Cybersecurity.

The following diagram presents the MVSecure service process:

MVSecure standard process

MVSecure services are often complementary to Carrier Grade eXpress (CGX) or MVShield, but can be provided as a stand-alone solution. By partnering with MontaVista, your organization can reduce the risks associated with software supply chain security and focus on your value adding to future-proof embedded applications.

If you would like to discuss your specific case, please get in touch today by sending an email to sales@mvista.com or leaving a contact request.