GlobalPlatform has enhanced its training program to support stakeholders adopting the Security Evaluation Standard for IoT Platforms (SESIP) methodology.

Leveraging the organization’s technical expertise on interoperability standards, this training course has been designed to impart key concepts on:

• SESIP evaluation methodology,
• Security Levels,
• Security Functional Requirements,
• Security Profiles, Mappings, Conformance to Regulations and
• SESIP Composition.

The course is offered for in-house training or, at times, as public courses.  The course generally is a three-day in-person training or four half-day virtual sessions. The content of the course is adapted to the specific needs of the primary target audiences.  The emphasis on the different subject areas changes based upon who the audience is and their specific product(s) SESIP certification objectives:

• Product vendors – focusing on how to apply the SESIP methodology, its objectives, applicability to other standards, how to set security objectives, and adapt security profiles
• Labs and Certification Bodies– learn how to implement the evaluation methodology and provide an efficient and swift solution for product certification.  This includes how to become a GlobalPlatform SESIP Laboratory or Certification Body licensee.
• Regulators– learn how to create a scheme based on SESIP methdology, how SESIP facilitates regulatory objectives, how SESIP certificates can be leveraged for compliance to regulations and schemes.

Course Outline

This training program covers the critical elements needed to understand critical questions for working with SESIP:

General Context

SESIP Assurance Packages: Requirements Per Assurance Level. How to:

• Define Security Targets
• Use SESIP Guidance Documents
• Satisfy Life Cycle Suppport Requirements
• Define the Target of Evaluation
• Define Security Parameters

Deep Dive on Security Functional Requirements

• Identification and Attestation
• Product Life Cycle
• Secure Communication
• Cryptographic functionality
• Compliance functionality
• Extra attacker resistance
• Use Case Examples:
  • Decisions on SFRs
  • Rationale for Inclusion in Security Targets

Understanding Attack Potential

• Rating Calculations
• Attack Calculation Examples: Attack Potential Ratings

SESIP Composition

• Composition Process
• Composition Evaluation Activities
• Guidelines for the Evaluator of Platform Parts to be Integrated

SESIP Security Profiles, Mappings and Conformance to Regulations

• Overview of Existing GlobalPlatform SESIP Profiles
  • Secure MCU/MPU
  • Secure External Memories
  • Code Update Mechanism
  • WPC Qi Secure Storage Subsystem
  • Edge Compute Node
• Overview of Existing GlobalPlatform SESIP Mappings
  • NIST 8425 IOT Labelling, NIST 8259A IOT Regulation
  • IEC 62443-4-2 Industrial Equipments
  • RED-hEN – EU regulation on Radio Equipment Devices
• Showing Conformance to CRA with SESIP

SESIP Governance by GlobalPlatform

• Licensing Laboratory Requirements and Onboarding
• Licensing Certification Bodies requirements and Onboarding