SESIP Certification for IoT security

The SESIP methodology (EN 17927) and certification scheme enables companies with IoT platforms to demonstrate that their solution can provide specific functionalities and services to install IoT apps and guarantee protection against state-of-the-art attackers.

What is SESIP (EN 17927)?

The Security Evaluation Standard for IoT Platforms (SESIP) defines a standard for trustworthy assessment of the security of IoT platforms. This methodology, published by GlobalPlatform, details the specific requirements for an IoT platform security evaluation and parts thereof. SESIP includes a set of Security Functional Requirements and defines the Security Assurance Requirements packages. SESIP requirements are based on the Common Criteria standard (ISO 154080, v3.1), but they have been redefined for the specific purpose of the evaluation of IoT platforms and parts to streamline the certification process Using this methodology, TrustCB has developed and operates the “TrustCB SESIP scheme”, with Applus+ Laboratories as one of the few accredited security labs conducting SESIP evaluations.

SESIP Levels of assurance

SESIP methodology is very flexible, and divided into different levels of assurance:

• SESIP Assurance Level 1 (SESIP1): a basic assurance level, based on self-assessment, without the intervention of independent evaluators
• SESIP Assurance Level 2 (SESIP2): a moderate assurance level, based on black-box penetration testing
• SESIP Assurance Level 3 (SESIP3): a substantial assurance level, based on white-box vulnerability analysis
• SESIP Assurance Level 4 (SESIP4): this level is exclusively for re-use of SOG-IS certified platforms or platform parts by licensed evaluation laboratories. It must include at least all the standard Common Criteria assurance components, and an AVA_VAN.4.
• SESIP Assurance Level 5 (SESIP5): this level is exclusively for re-use of SOG-IS certified platforms or platform parts by licensed evaluation laboratories. It must include at least all the standard Common Criteria assurance components, and an AVA_VAN.5

Why should I opt for an SESIP certification?

The SESIP scheme has been adopted and is currently being considered as a compliance requirement or proof of cybersecurity resilience for a wide variety of industries like Automotive, Consumer IoT or Industrial IoT. It reduces complexity, cost and time-to-market for IoT stakeholders by offering a methodology that’s mappable to other evaluation methodologies, and compliant with standards and regulations.

Benefits of evaluating your IoT solution with Applus+ Laboratories

Applus+ Laboratories can evaluate all SESIP levels and also offer a wide scope of options in terms of cybersecurity for IoT developers thanks to its accreditations.

We are an accredited laboratory for Common Criteria up to EAL 6+ and have SOG-IS recognition. Additionally, as a PSA certification accredited lab based on SESIP methodology, we can help clients obtain both PSA and SESIP certification by conducting one single evaluation.

When it comes to IoT consumer devices, our accreditations also allow us to conduct evaluations under both ETSI EN 303 645 and IEC 62443 standards.

Cybersecurity requirements under the Radio Equipment Directive can also be covered by our team of experts before they become mandatory. Today, we are the first Notified Body in Europe accredited to conduct these evaluations.

We can help you decide the best approach for your project, ensuring your IoT solution has an adequate level of protection and holds trusted certifications that pave the way for its market adoption.