February 2022 Newsletter

Letter from GlobalPlatform’s Executive Director

As IoT cybersecurity threats continue to evolve, GlobalPlatform is supporting connected industries to mitigate risks and more easily validate conformance to the latest standards and regulations. Our new white paper explains how the Security Evaluation Standard for IoT Platforms (SESIP) maps to the requirements of the ETSI EN 303 645 standard ‘Cyber Security for Consumer Internet of Things’, providing a scalable, time and cost-effective approach to security assessment.

We will continue to champion recognition and adoption of SESIP in the coming months. Our Spring Meetings in Austin will be co-located with a free workshop exploring how the SESIP methodology enhances the security certification process. You can read more on this below, including how to apply as a speaker or sponsor. As a reminder, we are also looking for experts to become GlobalPlatform SESIP-certified trainers. If you are interested, please contact me at ana.lattibeaudiere@globalplatform.org.

Finally, GlobalPlatform is seeking member contributions for two new initiatives that we are planning to launch in the coming months. The first is the potential creation of a new task force to provide guidance on the United States Software Bill of Materials. The second initiative is a roundtable event dedicated to addressing challenges and opportunities in the automotive market. Additional details will be shared soon, or feel free to reach out to me for further details on how you can participate.

Save the Date: SESIP Workshop - Austin

As part of its commitment to supporting the IoT device security certification ecosystem, GlobalPlatform is hosting a free workshop in Austin, Texas. Co-located with our Spring Meetings, the workshop will take place on April 14, to explore how SESIP helps to deliver flexible and efficient security evaluation and how product developers and issuers can benefit from the methodology.

More details, including speakers and a full agenda, will be shared soon. If you are interested in being a speaker or sponsoring the workshop, please get in touch.

Get in touch

NEWS: GlobalPlatform MCU Protection Profile Helps Simplify IoT Security and Certification

GlobalPlatform has published a new protection profile for Microcontroller Units (MCUs), to help IoT component and device manufacturers to build, certify and launch secure technologies and services.

Part of our Security Certification Program, this update defines the security levels required by a particular digital service, allowing solution providers to effectively manage risk and demonstrate the trustworthiness of products in line with regulations. This supports any device that needs a Root of Trust and secure environment to protect critical assets.

BLOG: Optimizing Security Evaluation and Compliance for IoT Systems

Nir Tasher, Technology Executive at full member Winbond, explores how SESIP helps build consistency across IoT certification schemes, helping to simplify product evaluation and certificate recognition.

Read how GlobalPlatform is defining security requirements of secure memory components, to support IoT system designers such as Winbond in understanding security threats and selecting the right solution for their intended application.

GlobalPlatform Helps SE Ecosystem Demonstrate Security and Compliance

GlobalPlatform’s Manufacturer Usage Description (MUD) File Service aims to simplify and secure IoT device network onboarding and management, to facilitate convenient and secure device connectivity.

Manufacturers can use the free service to publish, in a unique location, the MUD file library associated with their products. Publication in the MUD File Service simplifies the access and consumption of MUD files from networks hosting these devices. Enabling manufacturers to share the intent, capabilities and requirements of their devices in this way eases onboarding and network management, and helps network managers manage the rapidly growing number, and types, of IoT devices in their environments safely and efficiently.

Become a SESIP Laboratory Trainer

If you are interested in becoming a GlobalPlatform-certified SESIP trainer, there is still time to sign up for our classes. The classes will give participants the necessary tools and skills to lead our SESIP laboratory training workshops later in the year; a new certification program GlobalPlatform is launching to build consistency across IoT certification schemes.

If you are interested in this opportunity or want to learn more, please get in touch.

Technical Documents

New Document Releases

This paper describes how the SESIP certification of IoT platform components can be used to demonstrate the compliance of connected devices to the ETSI EN 303 645 requirements. The SESIP SFRs can be mapped to the requirements for IoT platform in ETSI EN 303 645, and the SESIP evaluation evidences can be reused as a proof of compliance to those requirements.

Download

Specifications Under Review

This new specification provides a generalization of the Secure Channel Protocol 03, which allows the use of other block ciphers and modes for encryption and MACing, including AEAD.

This document has been made available for member review. Please provide comments by Tuesday February 22, 2022.

Download

This new configuration answers to the requirements from GSMA SAM (Secured Applications for Mobile), which defines an “always on” area on an eUICC in parallel to telco profiles. It specifies the SAM security domain, application service provider security domains associated to it, the secure channel protocols to be used and more.

This document has been made available for committee review. Please provide comments by Monday, 7 March 2022.

Download
Speaking Engagements

Bringing TEE benefits to the IoT

Watch Gil Bernabeu’s presentation from RISC-V Summit to learn how GlobalPlatform is extending its TEE solutions to bring trust to digital services as new IoT use cases unfold.

Watch the video

EU Cybersecurity Act Conference

GlobalPlatform is delivering a talk at this year’s EU Cybersecurity Act Conference in Brussels, Belgium. Board member Oliver Van Nieuwnhuyze will be delivering our presentation ‘Security Levels: Mapping Misalignment with Industry & Understanding the Impact’ on 24 May.

Register

GlobalPlatform to speak at Embedded World 2022

Join Jeremy O’Donoghue as he speaks on behalf of GlobalPlatform at Embedded World 2022. On-site in Nuremberg from 21-23 June, hear our presentation ‘Device APIs to Root of Trust: An Open-source Implementation Building Chains of Trust Between IoT Device Makers and Digital Services’. The date / time of our presentation slot will be announced shortly.

Register
Membership Offers

For archived newsletters

GlobalPlatform
Hey There!

It seems you are using an outdated browser, unfortunately this means that our website will not render properly for you. Update your browser to view this website correctly.

GOOGLE CHROME
FIREFOX
MICROSOFT EDGE