Keep up to date with the latest news from GlobalPlatform
GlobalPlatform News – OSIA Qualification, spring meetings and the SESIP licensing program
Letter from GlobalPlatform’s Executive Director
The countdown is on for our 2023 Spring Meetings! I’m looking forward to welcoming many of you to San Diego, USA on March 27 for a week of insightful discussions around our key initiatives, including the Security Evaluation Standard for IoT Platforms (SESIP) methodology, Software Bill of Materials (SBOM), automotive use cases and more.
A personal highlight will be the launch of our GP Women initiative. We are proud to be championing women in the cybersecurity ecosystem, and we call on women and allies alike to join us in this work. I look forward to being joined by Nicola Palmer, Chief Technology Ambassador, Verizon, for its launch on March 30. Join the group on our member workspace to learn more.
Our Automotive Task Force meetings will also welcome representatives from two guest organizations – Cariad and Stellantis – to discuss the innovative use cases within the ecosystem.
Meanwhile, our TEE Specification working group is about to submit its Internal Core 1.4 for member review. This update includes post-quantum computing, enhanced caller and environment identification, a PANIC masking mode and more.
Thank you all again for your contributions to our organization and see you in San Diego!
Our Spring Meetings in San Diego, running from March 27-31, will bring together the GlobalPlatform membership to discuss and advance key initiatives including SAM, SESIP, SBOM and more. We will also be joined by Cariad and Stellantis for discussions around our automotive initiatives. We invite you to take this time together to contribute to the work of our member-led committees and task forces and discuss the latest challenges and opportunities that our ecosystem faces
And make sure you tune in to hear from Chief Technology Ambassador at Verizon, Nicola Palmer, as we launch our GP Women initiative on March 30.
GlobalPlatform is the qualification authority of the OSIA global qualification program, launched by Security Identity Alliance to bring interoperability to the identity systems market and ensure digital IDs can be accepted with confidence.
The qualification program is working to enhance the interoperability of identity management systems, support identity solution development and address government requirements for OSIA compliance.
It aims to support the growing number of government bodies that want to introduce an OSIA qualification as a solution pre-requisite during their tendering process. It is doing this by enabling the government-industry collaboration needed to build open, innovative and future-proofed national identity systems.
GlobalPlatform supports IoT device makers and certification bodies to adopt the SESIP methodology and establish their own IoT device security certification schemes. Therefore, we are inviting labs to take part in our SESIP Licensing Program.
Upon completion of the licensing program, successful labs will be licensed for a specific technical domain and defined security and assurance levels. The technical domains are not pre-determined, but will be agreed on a case-by-case basis between the
Certification Body and the Evaluation Laboratory candidate.
This year’s Embedded World took place in Nuremberg on March 14-16. GlobalPlatform was on site discussing how IoT developers can keep pace with evolving cybersecurity requirements, and reduce the cost and complexity of certification, with the Security Evaluation Standard for IoT Platforms (SESIP) methodology.
GlobalPlatform Technical Director Gil Bernabeu delivered his presentation, “How SESIP can be used to keep pace with evolving IoT cybersecurity”, and Full Member STMicroelectronics also discussed SESIP, explaining how the methodology is helping to guide the work of its cybersecurity engineers.
Stellantis and Cariad to join Automotive Task Force in San Diego
As part of the Spring Meetings in San Diego, we will be finalizing our alignment with SAE on hardware protected security environments. This is in preparation for our joint meeting with SAE planned for April 21 in Troy, MI alongside WCX. As a reminder, participation in April’s joint meeting will be limited to active Automotive Task Force participants.
Representatives from Stellantis and Cariad will also be joining us in San Diego and we look forward to welcoming them to the Automotive Task Force and GlobalPlatform as a whole. We have prepared a special onboarding process to introduce them to GlobalPlatform and its ongoing activities. Now is the time to join the Automotive Task Force to ensure that your company’s priorities are accounted for in our work with the wider automotive ecosystem.
As previewed in last month’s newsletter, we will be holding a Cybersecurity Vehicle Forum (CSVF) on March 31 in San Diego. This will be a remote mini-session to provide an update on our progress on the topics raised at the CSVF held this past November in Munich. We welcome your attendance and contributions.
In June, we will hold a full, in-person CSVF event. It is scheduled for June 20 in Plymouth, MI alongside ESCAR USA 2023. This event will allow us to share progress on our coordination with SAE, explore the guidelines on trust anchors for automotive, broaden the discussion with US automakers and identify other areas of priority. Get in touch to learn about the available sponsorship packages.
The Cybersecurity Vehicle Forum is open to both GlobalPlatform members and non-members to ensure engagement with the wider automotive value chain.
GlobalPlatform to speak at the EU Cybersecurity Act Conference
Learn how the SESIP methodology is helping to deliver advanced IoT security in line with EU regulations as Georg Stütz delivers his presentation, “How SESIP is supporting European goals of building a cyber resilient society”.
He will also explain how the methodology maps to other schemes, enabling certification bodies to develop schemes that recognize and reuse the security capabilities of a product’s components.