EUROSMART IoT Security Certification Scheme (eIoT SCS)
Millions of IoT devices are expected to be granted security certifications with a Substantial security assurance level as defined by the Cybersecurity Act. At this level of assurance, the requirements are intended to minimize the risk of successful attacks, which commonly take advantage of poor design in IoT devices and bring severe consequences to consumers and vendors because security controls are absent or ineffective. It is indeed vital that IoT devices have security designed in and verified in from the outset.
Since IoT Devices at the low end of the range may have security features constrained by cost, available processing power and performance, size and type of power source, this Certification Scheme considers the trade-off between such constraints, the risks and the cost of certification. In addition, certifications must be granted and maintained in a proper and cost-efficient way to guarantee the level of assurance and the certificate in the operational phase.
The solution is the Eurosmart IoT Security Certification Scheme (eIoT SCS), which defines efficient policies, processes, criteria, methodologies and tools allowing IoT Service Providers, Business Lines, Risk-Owners and Decision Makers to play an important role in order to increase their trust in certified IoT Devices.
This Certification Scheme addresses IoT products covering the Consumer, Enterprise and Industrial markets, and it focuses on the following three unique properties:
• Security Profile (the “What”):
• Risk-Based Evaluation (the “How”):
• Certification Validity (the “What if”):
The philosophy of the evaluation methodology defined in this scheme is that substantial security assurance results from the application of a pre-defined risk-based evaluation effort; the goal is to apply the minimum effort required to provide that security assurance level.
During this presentation, Red Alert Labs, a member of Eurosmart, will address the challenges of IoT security certification, demonstrate how the Eurosmart IoT Certification Scheme enables granting and maintaining certificates for IoT Devices in a proper and cost-efficient way to guarantee the level of assurance and the certificate in the operational phase, and explain how it differs from other initiatives addressing the same scope. Finally, we will see how this solution fits into the Cybersecurity Act regulation and, specifically, the EU Cybersecurity Certification Scheme Framework.