How SESIP is Supporting European Goals of Building a Cyber Resilient Society (S22a)
Although security guidelines and certification schemes are helping address the IoT security challenge, different ‘things’ must meet different security requirements and assurance levels. They do not all require the same certification, and because of their sheer number it is often not possible to test each one individually. Ensuring that European citizens can rely on and trust digital devices and services has been one key objective of the European Commission. Providing legislation to support this goal is nothing new; it has been an unwavering effort over the last few years that will only continue as we move further into a digital-first future. Those regulations, and others, share a common principle: systems and components need to demonstrate State of the Art (SOTA) features and security requirements. But across the world there are a number of different evaluation methodologies that laboratories must follow to generate evidence that a product fulfils a regulation. On top of that, some regulations require self-assessments that fall outside the expertise of device manufacturers.
The Security Evaluation Standard for IoT Platforms (SESIP) methodology tackles this problem and is now a candidate to become a European Norm (EN) under CEN/CENELEC. This presentation will discuss the role SESIP can play in supporting the European goal of building a cyber resilient society. Because the same component is used in different markets and under different regulations, the presentation will highlight how the mappings between schemes, including ETSI and NIST, help to reduce certification costs, ultimately simplifying and streamlining certification without compromising on security.