Composite Evaluations: The Way Forward for IoT Security and Compliance (L21b)
What do PCI, DTSec, ETSI EN 303645 and IEC 62443-4-2 have in common? As the number of IoT security certification frameworks used in public and private sectors, and across multiple regions and markets, continues to increase, the scalability of these approaches needs to be revised. Within this presentation, GlobalPlatform will:
– Introduce the Security Evaluation Standard for IoT Platforms (SESIP) methodology and explain how it uses composite security evaluations, based on lightweight Common Criteria methodologies, to certify individual hardware and software components (the IoT platform).
– Discuss how this achieves recognition and reusability, as well as enabling mapping of the security requirements and functionalities necessary to deliver trusted IoT platforms.
– Explain how IoT products that are developed using a SESIP-certified IoT platform provide a cost- and time-effective way of bringing certified and, therefore, secure products to market.