Common Criteria as Backbone of IoT Security Certification
With a great variety of devices, new attack schemes, complex software, and limited security awareness, IoT represents a challenge for security certification. Traditional approaches remain suitable for the roots of trust that protect critical assets and processes. However, for higher layers, schemes must be optimized to tackle the volume of devices, plus the challenge of keeping the devices updated and secure. This presentation will show how Common Criteria and higher assurance evaluations can be a backbone to such optimized device-level schemes and the reference to which the schemes compare their assurance requirements, and guarantee that security certifications provide substantial benefits.