Are you involved in CPL Submissions? If your answer is yes, please read on:
The Central/Certified Products List (CPL) – New Entry Form contains several validation checks for the data submitted and further checks are carried out prior to adding a new Device Model to the CPL. This allows to identify and address most issues beforehand and prevents CPL entries with invalid data. There have been a few instances where incorrect values were provided in a valid format: this is very hard to detect and therefore these submissions were accepted and added to the CPL.
We are urging SEC Parties and any other persons who are submitting CPL – New Entry Forms to provide quality data when requesting to add a new Device Model to the CPL.
Things to look out for are:
- check whether your internal processes are aligned with SEC requirements
- follow the correct format as specified in the CPL – New Entry Form, i.e. the use of hexadecimal format for Device Model details and the Hash
- use consistent coding of e.g. the firmware version in either binary-coded decimal or hexadecimal
- ensure a timely certificate validity period if signed firmware is contained within the Manufacturer Image
- ensure Device Model details are clearly shown in the assurance certificates
For further guidance on the CPL Submission process, please read the Certified/Central Product List Submission Guidance v1.4 available for download on the CPL webpage.