How ‘By-Parts’ Evaluation Achieves Certification Scheme Scalability (A21c)
Conciliating product-based security and IP-protected third-party supplies has become a cornerstone for certification schemes in many sectors. Chip manufacturers, for example, are looking to protect their IP from software providers using third party hardware, leading to composition models for particular development patterns, e.g. ACO assurance and also composite evaluation _COMP in CC v4. Within this presentation GlobalPlatform will explain how it is taking this a step further by defining a “by-parts evaluation methodology” within its TEE/MCU scheme, which allows the assessment of products including both evaluated and unevaluated components. It will also explain how Protection Profiles and structured evaluation reporting approaches are enabling scalability and lowering the cost of security evaluation for device manufacturers.