Cybersecurity is now seen as a major issue in most countries, in particular in Europe and the United States of America, through the EU’s Cyber Resilience Act and the USA’s Internet of Things Cybersecurity Improvement Act. Although this topic is so important, there are actually few means to demonstrate the effective robustness of a new product. Indeed, demonstrating that a product provides the right level of security requires the involvement of a third party which can be trusted and is able to evaluate the vendor’s evidence.

While Common Criteria (CC), backed by governments, might be used to demonstrate the effective security of an embedded product, the evaluation process is not adapted to the IoT market due to the lack of mutual agreements between countries and the heaviness of the evaluation process.

To tackle this problem, GlobalPlatform derived the SESIP evaluation methodology from Common Criteria as a lightweight yet very powerful evaluation methodology. The methodology gives a framework that can be used to assess the actual level of security of any kind of IoT or connected product.

However, the SESIP methodology is a somewhat raw framework that needs to be instantiated for each new product. This is where the PSA Certified framework comes to the rescue. PSA Certified provides both a Platform Security Model for IoT products and the corresponding evaluation methodology based on GlobalPlatform’s SESIP scheme. In short, PSA Certified helps you define your security problem according to the nature of your product, using comprehensive protection profiles and three predefined resistance levels.

At level one, you can prove to your customer that your product is well designed by filling in a questionnaire that will be reviewed and challenged by an independent security laboratory like Serma’s Security Laboratory.

At level two, you can demonstrate the resistance of your product to a remote attacker in a white-box context. Penetration tests will be carried out by an independent laboratory such as Serma’s Security Laboratory.

At level three, the highest level of assurance offered by the PSA Certified framework, the resistance of your product against both remote and physical attackers will be demonstrated by an independent laboratory like Serma’s Security Laboratory.

Serma’s Security Laboratory performs SESIP and PSA Certified evaluations up to level three. It evaluates more than 200 complex security products annually, ranging from the electronic chip to the complete hardware/software system. The laboratory is accredited by many organizations to carry out these evaluations against many international standards, public or private (Common Criteria, EMVCo, GlobalPlatform, PCI PTS, FIPS 140-2, SESIP, PSA Certified…).