Matter 1.6 and Product Security 1.1 officially announced, here’s what’s new

The Connectivity Standards Alliance (CSA) today announced Matter 1.6 and Product Security 1.1, introducing several improvements to new smart home setup tools, better multi-ecosystem device sharing, and more. Here are the details.

Today marks the second day of Unify, the CSA’s annual public event, where companies across the IoT industry “spotlight the power and potential of open standards” in the field.

While one significant announcement this year is the addition of ADT and Telink to the CSA’s Board of Directors, the biggest news for consumers and device makers is the launch of Matter 1.6 and Product Security 1.1.

What’s new with Matter 1.6

According to the CSA, Matter 1.6 is a focused feature release, which “enhances how devices interact across ecosystems, improves their ability to adapt to user preferences, and provides a deeper understanding of device status.”

One of the main highlights is NFC-Based Commissioning, which enables bi-directional NFC communication with Matter devices, even before they are fully powered on.

This means devices can be commissioned before installation, making it easier to set up items like ceiling fixtures and in-wall switches, as well as larger deployments that require devices to be provisioned in advance.

Here’s the CSA on NFC-Based Commissioning:

“In practice, this means a light bulb can be commissioned before it is screwed into a ceiling fixture, and an in-wall switch can be set up before mains power is on. For larger installations, multiple devices can be provisioned in advance and activated at their final locations. For end users, the experience is immediate and tactile: simply hold a phone near the device to commission it.”

The CSA says that NFC-Based Commissioning builds on Matter 1.4.1, “which embedded setup information in an NFC tag as a more convenient alternative to scanning a QR code, but still relied on Bluetooth LE to complete commissioning.” Matter 1.6, by contrast, allows the full commissioning exchange to happen over NFC.

Additionally, Matter 1.6 also introduces Joint Fabric, which expands on the possibilities of the Multi-Admin toolkit. With it, multiple user-authorized controllers can co-administer a single shared Matter network, making devices accessible across participating ecosystems without requiring separate setup for each one.

Matter 1.6 also introduces Thermostat Suggestions, which aim to standardize how ecosystems recommend changes to thermostats. Instead of sending direct commands to change the temperature or mode, Matter 1.6 lets controllers send time-bound suggestions that the thermostat can evaluate based on user preferences, recent inputs, and current conditions.

Here are a few use cases, per the CSA:

A user enrolled in a utility demand-response program can configure the thermostat to protect those commitments, preventing an automation from a different ecosystem from accidentally overriding a savings event.

A user who has chosen to optimize for energy savings, or for humidity control, air quality, or another preference, can have the setting recognized and respected across connected services without needing to configure it in each one.

A thermostat that was just manually adjusted, on the device or through one ecosystem, can recognize a suggestion arriving moments later from another source and will identify it is likely not what the user intended, and defer.

Finally, Matter 1.6 adds a few core enhancements, including standardized communication for device capabilities and operational limits, security sensor event history, unmounted status for smoke and CO alarms, and more scalable certificate revocation lists.

In addition to the announcement, the CSA is releasing the Matter 1.6 specification, as well as its SDK.

What’s new with Product Security 1.1

The second highlight today is Product Security 1.1, which introduces a shift in the scope of the CSA’s security certification program.

According to the CSA, version 1.1 of its Product Security Certification program “bridges the gap between disparate international cybersecurity standards,” and it does so “by streamlining the certification process and reducing evidence duplication.”

While Product Security 1.0 focused primarily on individual devices, Product Security 1.1 moves beyond that, encompassing “complete IoT Systems, which may include IoT Devices, IoT Apps, IoT Remote Processes, and IoT Gateways.”

Product Security 1.1 introduces two levels of security assurances:

Level-1: Involves a supplier self-assessment reviewed by an Authorized Test Laboratory (ATL)

Level-2: Requires an independent assessment and functional testing conducted by an ATL.

Here’s the CSA on Product Security 1.1:

“The Product Security Certification Program simplifies compliance across global markets, directly addressing the overhead and complexity manufacturers face when certifying products across different regions. Specifically, version 1.1 now covers the cybersecurity requirements for the European Union Radio Equipment Directive (RED) harmonized standards and the Singapore Cyber Security Labeling Scheme.”

To learn more about the CSA’s Product Security Certification Program, follow this link.