4-6 November | Sheraton Grand Doha, Qatar

Bridging the Gap in IoT Certification: A Vendor Analysis When Stepping Up from SESIP to Common Criteria (D30c)

02 Nov 2023
10:00 am

This talk examines the transition from the Security Evaluation for Secure IoT Platforms (SESIP) to the more stringent Common Criteria, focusing on the challenges faced by vendors.
While a single standard is insufficient, accepting alternative evaluation results is crucial to minimize costs for IoT OEMs and consumers. Through a vendor analysis, this talk demonstrates how cybersecurity standards for various IoT domains, such as FITCEM, ISO/SAE 21434 and IEC 62443, can converge, creating a robust cyber assessment toolbox. SESIP, a European Norm (EN 17927), plays a pivotal role in supporting the goal of a cyber-resilient society. Moreover, SESIP reduces certification costs by mapping evaluation methodologies, re-using evaluation results like NIST’s CAVP or ESV, and harmonizing certification processes across markets and regulations like EO14028, RED or CRA. This streamlined approach ensures certification without compromising security. Understanding the transition from SESIP to the Common Criteria is vital in advancing the global certification landscape. Ultimately, it provides valuable insights for vendors considering the path from SESIP to Common Criteria certification.