Applus+ Laboratories licensed to evaluate IoT Platforms under TrustCB SESIP Scheme
The SESIP scheme enables implementers of IoT platforms to demonstrate that their platform provides specific functionalities and services to installed IoT apps and protects them against state-of-the-art attackers.
With the consolidation of 5G networks, products that take advantage of increased connectivity with higher speed and low latency will proliferate. One of the major challenges that the certification ecosystem is facing is the lack of security certification alternatives. Vendors require viable certification solutions while aiming to increase their clients' confidence in the security of their products. These solutions need to balance a shorter time to market against a sufficient level of security assurance.
Applus+ is continuously working to serve the industry’s needs, and decided to license its cybersecurity laboratory to extend its service portfolio and conduct SESIP evaluations.
What is SESIP?
The Security Evaluation Standard for IoT Platforms (SESIP), published by GlobalPlatform, defines a standard for trustworthy assessment of the security of IoT platforms. SESIP specifies requirements for the security evaluation of IoT platforms and parts thereof, including in particular a set of Security Functional Requirements and the definition of Security Assurance Requirements packages. The SESIP requirements are based on the Common Criteria standard (ISO 15408, v3.1), but they have been redefined for the specific purpose of evaluating IoT platforms and parts in order to streamline the certification process.
TrustCB has used this standard to develop and operate the “TrustCB SESIP scheme”. Their experience benefits from time spent on evaluation work and certification of products, and from decades spent forming, authoring, refining, and influencing policies in this sphere, and in accordance with the provisions and expectations of ISO 17065.
Applus+, a SESIP-certified evaluation laboratory
“IoT products are comprised of more components than traditional security evaluation approaches were designed to address,” comments Gil Bernabeu, GlobalPlatform’s Technical Director.
“SESIP is designed specifically for IoT platforms and their parts, and offers an optimized approach to IoT security evaluation. Applus+ has successfully met all of the security criteria required by GlobalPlatform and TrustCB to become a SESIP-certified evaluation laboratory. Certification is essential to facilitate trust and confidence across the IoT ecosystem. GlobalPlatform looks forward to seeing how Applus+ will leverage its SESIP license to further foster IoT market stability and growth.”
IoT Applus+ Service Portfolio
This new accreditation reinforces the position of Applus+ as a partner for the IoT ecosystem in providing solutions to enhance the confidence of IoT product users, by means of industry-focused certifications. The SESIP methodology is very flexible, and is divided into different levels of assurance:
* SESIP Assurance Level 1 (SESIP1) is a self-assessment-based level. SESIP1 provides a basic level of assurance.
* SESIP Assurance Level 2 (SESIP2) is a black-box penetration testing level. SESIP2 provides a moderate level of assurance.
* SESIP Assurance Level 3 (SESIP3) is a traditional white-box vulnerability analysis. SESIP3 provides a substantial level of assurance.
* SESIP Assurance Level 4 (SESIP4) is exclusively for re-use of SOG-IS certified platforms or platform parts by licensed evaluation laboratories, which includes at least all the standard Common Criteria assurance components, and AVA_VAN.5 in particular. The current methodology simply provides guidance on how to obtain a SESIP4 certificate in addition to such a SOG-IS certificate.
* SESIP Assurance Level 5 (SESIP5) is exclusively for re-use of SOG-IS certified platforms or platform parts by licensed evaluation laboratories, which includes at least all the standard Common Criteria assurance components, and AVA_VAN.5 in particular. The current methodology simply provides guidance on how to obtain a SESIP certificate in addition to such a SOG-IS certificate.
Applus+ is able to evaluate all options: it is an expert laboratory accredited up to CC EAL6+ under the CCN scheme, which is part of SOG-IS, and it can also conduct SESIP evaluations under the TrustCB SESIP scheme. We can help you decide the best approach for your project.