With billions of connected IoT devices, security and trust is a priority. A large number of norms and regulations have been introduced around the world to ensure that IoT products provide security and privacy by design.
Security Evaluation Standard for IoT Platforms (SESIP) is an optimized security evaluation methodology for IoT platforms and components, published by GlobalPlatform. SESIP requirements are based on the Common Criteria standard (ISO 15408) and optimized for the IoT market, with the main benefits of re-usability, composition and mapping with the IoT vertical standards, such as ETSI EN 303 645 (consumer IoT), NIST 8259a, IEC 62443 (Industrial IoT) and ISO 21434 (Automotive IoT). SESIP has rapidly grown into an internationally recognized standard for security evaluation, supported by a large community of top security providers in the hardware and software domains. As a founding member of SESIP, with our accredited labs by TrustCB, our SESIP services enable you to efficiently certify and launch your secure IoT product.
The five SESIP assurance levels
There are five assurance levels in SESIP:
- SESIP Assurance Level 1 (SESIP1): a self-assessment-based level and provides a basic level of assurance
- SESIP Assurance Level 2 (SESIP2): a black-box penetration testing level. SESIP2 provides a moderate level of assurance
- SESIP Assurance Level 3 (SESIP3): a white-box vulnerability analysis with time-limited source code analysis and pen-testing. SESIP3 provides a substantial level of assurance
- SESIP Assurance Level 4 (SESIP4): exclusively for re-use of SOG-IS certified platforms or platform parts by licensed evaluation laboratories, allowing those platforms to utilize the mappings from SESIP to specific commercial product domains
- SESIP Assurance Level 5 (SESIP5): exclusively for re-use of SOG-IS certified platforms or platform parts by licensed evaluation laboratories, allowing those platforms to utilize the mappings from SESIP to specific commercial product domains
Why choose SESIP?
SESIP was mentioned by The European Union Agency for Cybersecurity (ENISA) as one of the most relevant standards in risk management for IoT Platforms and components security. SESIP is currently under standardization by the European Committee for Electrotechnical Standardization (CENELEC).
SESIP enables you to launch your IoT product faster through:
- A flexible, optimized methodology to ensure the security of your product
- Re-usability and a unique composition model
- Alignment with the vertical standard of the IoT domains
- Cost and time-saving product certification
Why choose SESIP security evaluations from SGS?
We have extensive experience in SESIP evaluations and thanks to our deep knowledge in Common Criteria, we can support you from the pre-evaluation phase with training, workshops, and pre-assessments.
Why SGS?
We are the world’s leading provider of testing, inspection and certification services to the cybersecurity industry, providing CC evaluations to NSCIB requirements. We are recognized as the global benchmark for quality and integrity. Accredited by Common Criteria (CC), EMVCo, SESIP, PSA Certified, MasterCard, PCI, Visa, American Express, and numerous national schemes, we boast the highest number of CC accreditations globally. As the largest security evaluation laboratory with more than ten locations across the globe, we execute over 700 projects annually for hundreds of clients worldwide.
To find out more about our SESIP evaluation services, contact us today.