Access Secure Information About Our Products
Sign in to access authorized secure information. Learn more about secure access rights.
Process
As part of our commitment to security-by-design and privacy-by-design, we made security an integral part of our way-of-working and we continuously invest in our people and processes.
NXP’s Product Security Program
We take a holistic approach to product and information security. We align with industry standards and best practices when it comes to developing technology, refining processes and establishing relationships.
Product Security
Security-by-design is an integral part of our (certified) cybersecurity engineering processes. We also have a dedicated product security incident response team (PSIRT) on standby to address vulnerabilities and security incidents related to our products.
Business Creation and Management (BCaM)
The NXP-wide Business Creation and Management (BCaM) framework is a process framework for product development that harmonizes processes to ensure we successfully launch new products, including new technologies and/or software. Built on best practices, the BCaM framework serves as NXP’s platform for continuous improvements, enabling NXP to work together efficiently and effectively worldwide.
Security Maturity Process (SMP)
As part of the BCaM framework, the NXP Security Maturity Process (SMP) addresses security in the concept-to-release lifecycle to verify and validate security for all new NXP products that are equipped with security features. The SMP is designed to increase the security maturity level of the device by having security experts perform reviews and assessments of the device’s security concept, architecture, design, and implementation. In addition, our internal vulnerability analysis (VA) lab performs penetration tests, simulations and silicon analysis in parallel with gates and milestones of the product development process. The SMP also aligns with emerging security standards, paving the way for devices we build today to be compliant with industry standards in the future.
Product Security Incident Response Team (PSIRT)
There is no such thing as “100% secure”, because even the most rigorous approach to security can’t fully eliminate the risk of (future) vulnerabilities and security incidents. Therefore, NXP has a dedicated Product Security Incident Response Team (PSIRT) that works according to specified processes to address security vulnerabilities and incidents in the post release lifecycle. The team, established in 2008, is committed to rapidly addressing security vulnerabilities in NXP products by responding to reported vulnerabilities and providing customers with clear guidance on the impact, severity and mitigation of these vulnerabilities.
NXP’s approach to product security is supported by development environments with elevated security measures; an Information Security Management System (ISMS), which complies with ISO 27001; efforts regarding physical, perimeter, and site security; and comprehensive, company-wide frameworks for Export Control and Supply Chain Security.
Our cybersecurity process framework is compliant with industry standards, which is confirmed through independent audits and certifications.
Awareness and Know-How
In our more than twenty years in the security industry, we have met a number of significant milestones and have continued to evolve our security culture and organization.
We deploy several initiatives that aim to continuously strengthen our cybersecurity culture and have an ongoing commitment to raise cybersecurity awareness and increase the security know-how of our employees. As part of these efforts, NXP’s Security School teaches employees how to identify and reduce attack surfaces, become more fluent in the vocabulary of cybersecurity, and gain a foundational understanding of cryptography, security implementations and system security.
Quality Foundation
NXP also has a solid foundation in quality, which is a pre-requisite for security:
- As a cornerstone of NXP’s Total Quality program, NXP has implemented an organization-wide Lessons Learned (LL) process. This process fans out systemic solutions for recurring issues and best-known methods. The LL process is triggered ad-hoc or as part of a lessons- learned collection anchored at multiple gates of NXP’s BCaM product development framework.
- NXP achieved ISO 9001 certification for all sites and additional IATF 16949 quality certifications for manufacturing sites for automotive products. An outline of our commitment to improvement can be seen along with certifications on our NXP quality page.