With billions of connected IoT devices, security and trust is a priority. A large number of norms and regulations have been introduced around the world to ensure that IoT products provide security and privacy by design.
Security Evaluation Standard for IoT Platforms (SESIP) is an optimized security evaluation methodology for IoT platforms and components, published by GlobalPlatform. SESIP requirements are based on the Common Criteria standard (ISO 15408) and optimized for the IoT market, with the main benefits of re-usability, composition and mapping with the IoT vertical standards, such as ETSI EN 303 645 (consumer IoT), NIST 8259a, IEC 62443 (Industrial IoT) and ISO 21434 (Automotive IoT). SESIP has rapidly grown into an internationally recognized standard for security evaluation, supported by a large community of top security providers in the hardware and software domains. As a founding member of SESIP, with our accredited labs by TrustCB, our SESIP services enable you to efficiently certify and launch your secure IoT product.
The five SESIP assurance levels
There are five assurance levels in SESIP:
- SESIP Assurance Level 1 (SESIP1): a self-assessment-based level and provides a basic level of assurance
- SESIP Assurance Level 2 (SESIP2): a black-box penetration testing level. SESIP2 provides a moderate level of assurance
- SESIP Assurance Level 3 (SESIP3): a white-box vulnerability analysis with time-limited source code analysis and pen-testing. SESIP3 provides a substantial level of assurance
- SESIP Assurance Level 4 (SESIP4): exclusively for re-use of SOG-IS certified platforms or platform parts by licensed evaluation laboratories, allowing those platforms to utilize the mappings from SESIP to specific commercial product domains
- SESIP Assurance Level 5 (SESIP5): exclusively for re-use of SOG-IS certified platforms or platform parts by licensed evaluation laboratories, allowing those platforms to utilize the mappings from SESIP to specific commercial product domains
