CPL Quality Data

16th April 2019

Are you involved in CPL Submissions? If your answer is yes, please read on:

The Central/Certified Products List (CPL) – New Entry Form contains several validation checks for the data submitted and further checks are carried out prior to adding a new Device Model to the CPL. This allows to identify and address most issues beforehand and prevents CPL entries with invalid data. There have been a few instances where incorrect values were provided in a valid format: this is very hard to detect and therefore these submissions were accepted and added to the CPL.

We are urging SEC Parties and any other persons who are submitting CPL – New Entry Forms to provide quality data when requesting to add a new Device Model to the CPL.

Things to look out for are:

  • check whether your internal processes are aligned with SEC requirements
  • follow the correct format as specified in the CPL – New Entry Form, i.e. the use of hexadecimal format for Device Model details and the Hash
  • use consistent coding of e.g. the firmware version in either binary-coded decimal or hexadecimal
  • ensure a timely certificate validity period if signed firmware is contained within the Manufacturer Image
  • ensure Device Model details are clearly shown in the assurance certificates

For further guidance on the CPL Submission process, please read the Certified/Central Product List Submission Guidance v1.4 available for download on the CPL webpage.