GlobalPlatform is here to support IoT device makers and certification bodies to adopt the Security Evaluation Standard for IoT Platforms (SESIP) methodology and establish their own IoT device security certification schemes.
SESIP provides a common and optimized approach for evaluating the security of connected products that meets the specific compliance, security, privacy and scalability challenges of the evolving IoT ecosystem.
In parallel, GlobalPlatform will align certification bodies and laboratories, to ensure comparable evaluations across the entire IoT ecosystem. GlobalPlatform welcomes engagement from certification bodies and laboratories.
75.44 bn IoT devices to be deployed by 2025
Nearly 500 different IoT product requirements frameworks
Only 4% of deployed IoT products have security
The growing number of IoT products and the complexity of these connected things introduces new challenges to the traditional security evaluation process. IoT products are made up of multiple components, which are developed by multiple players, many of which are new to security. A myriad of different regulations and certification frameworks create an added layer of complexity for the IoT vendors, developers and service providers tasked with demonstrating the security capability of their products.
A flexible and efficient security evaluation methodology is needed to address the unique complexities and challenges of the evolving IoT ecosystem and drive consistency across IoT certification schemes to bring greater trust.
Methodology: Security Evaluation Standard for IoT Platforms
GlobalPlatform’s SESIP methodology standardizes security certification and gives device makers and solution vendors the ability to demonstrate alignment with market requirements and use cases.
Video: How does SESIP provide a standardized methodology for IoT security implementation?
Watch this video to understand how SESIP is providing the IoT ecosystem with a scalable, standardized methodology to meet specific compliance, security, privacy and challenges.
Video: Using SESIP to Simplify Security Evaluation and Build Trusted IoT Products
This video explores IoT use cases and explains how the embedded developer community can use the SESIP methodology to simplify security evaluation.
Frequently Asked Questions about SESIP
This documents answers common questions about the SESIP methodology. It also explains how device makers can leverage SESIP to evaluate and certify products to meet specific compliance, security, privacy and scalability challenges.
IoT products are far more complex than the products traditional security evaluation approaches address. SESIP recognizes this with a common security evaluation methodology that is designed specifically for the IoT platforms and platform parts on which these products are based. It addresses the need for a standardized approach that supports a broad range of regulatory and security frameworks, while at the same time providing a methodology that’s adaptable to the IoT environment and accessible to IoT developers who aren’t security experts.
GlobalPlatform has 20 years’ experience in establishing and managing security certification schemes. The organization is now supporting the IoT device security certification ecosystem with the adoption of the SESIP methodology. The objective is to build consistency across IoT certification schemes (regional or vertical) to facilitate product evaluation and certificate recognition.
The legal and technical forms applicable to each type of certification are provided below. For information on the procedures to be completed by a Certification Body or Laboratory to join the SESIP licensing program, read GlobalPlatform's SESIP Governance.
|Participation Forms||Product Vendor||Laboratory||Certification Body|
|GlobalPlatform SESIP Security Lab Agreement|
|Trademark License Agreement|
|GlobalPlatform SESIP Certification Body Relationship Agreement|
|GlobalPlatform SESIP Certification Body Request Form|