June 6, 2024 – In response to the growing uptake of GlobalPlatform’s Security Evaluation Standard for IoT Platforms (SESIP) methodology, the organization has introduced several initiatives to further accelerate adoption. These include the launch of new certification stamps, expanding the number of labs and certification bodies (CB), new partnerships and the creation of an adopter program. Together, this raises the bar for IoT security by enabling the adoption of the methodology across new sectors, use cases and markets.
“We are at an inflection point in SESIP adoption,” commented Gil Bernabeu, CTO of GlobalPlatform. “SESIP is getting recognized for eliminating the complexity and fragmentation surrounding security evaluation, making IoT device security economically viable for the entire value chain. It helps the market identify and align relevant security requirements, implement appropriate security in devices, and demonstrate compliancy across markets, while minimizing costs, effort, and time-to-market. The recent ratification of SESIP as a European Standard (EN 17927) serves as both a vote of confidence and a trigger for further adoption.”
A rapidly growing ecosystem
SESIP has rapidly become an internationally recognized standard for security evaluation, supported by a large community of security providers, industry bodies, security laboratories, and other stakeholders.
The longstanding certification body TrustCB has already issued 47 SESIP certificates to companies including NXP Semiconductors, STMicroelectronics and Winbond Electronics Corporation. These products were evaluated by a growing group of GlobalPlatform licensed security laboratories. Currently these labs are Applus+, Riscure, SERMA, SGS Brightsight, and Thales ITSEF with more expected to join this list in the coming year. Two additional certification bodies are currently working to become GlobalPlatform SESIP CBs to bring even more capacity and reach to the ecosystem.
Importantly, the methodology is also already used or referenced by bodies including the Car Connectivity Consortium (CCC), ETSI, FiRa Consortium, National Institute of Standards & Technology (NIST), PSA Certified and Wireless Power Consortium. This adoption first demonstrates the value of the methodology to strengthen IoT security across diverse vertical markets and use cases. It also helps device manufacturers using these technologies to compose their final device based on SESIP-certified software or hardware components, while quickly and easily ensuring compliance with relevant regulations.
Collaborating to expedite adoption
The GlobalPlatform community is responsible for maintaining the methodology, enforcing a governance model with an associated quality brand between CBs, product vendors and laboratories. The support and expedite growth, GlobalPlatform has delivered several important initiatives and resources:
- SESIP Committee & Working Groups – A dedicated Committee and Working Groups have been established to drive GlobalPlatform’s strategy for SESIP ecosystem development, initiate new technical projects, facilitate adoption efforts, and oversee governance. A primary focus is to engage with regulators and the security evaluation ecosystem to identify requirements and demonstrate SESIP’s applicability for different regions and vertical markets.
- New SESIP Product, Lab and Certification Body Marks – A suite of branded logos have been made available for certified products, and accredited laboratories and certification bodies, to promote and bring trust to their offerings.
- SESIP Profiles and Mappings – GlobalPlatform develops and maintains a growing suite of SESIP Profiles and Mapping documents to facilitate adoption and use of the methodology. SESIP Profiles are used in the security evaluation of a component or device, while SESIP Mappings bridge the security requirements defined in the methodology with those of global cybersecurity regulations.
- SESIP Adopters Community – As the methodology is now being used by a diverse range of different stakeholders, GlobalPlatform has created the ‘SESIP Adopters’ community. This program informs non-members about the latest GlobalPlatform SESIP developments, provides access to relevant technical documents, and allows them to showcase their certified products and/or support for SESIP.
“SESIP leverages the expertise of the GlobalPlatform ecosystem to incorporate better cybersecurity in IoT devices, at the right cost and aligned with market regulation,” added Bernabeu. “By giving stakeholders a single point of reference for IoT cybersecurity, regardless of their security expertise, we can collectively raise the bar for security. But we need to reach beyond this GlobalPlatform community. These programs, partnerships and resources will extend our ecosystem, enabling anyone to join us in driving the development of SESIP for the benefit of the growing IoT industry.”
Learn more about SESIP and join the adopters community.
About SESIP
The SESIP methodology provides a standardized approach for evaluating IoT security implementations, tailored to the unique requirements and challenges of the evolving ecosystem. The methodology can therefore support regulatory and industry requirements from leading organizations such as ENISA, ETSI, IEC and NIST. The IoT community therefore has a single, accessible reference point for assessing IoT cybersecurity in line with these and other requirements, reducing fragmentation, complexity and cost from security certification processes for stakeholders.
Additionally, the SESIP methodology also supports composition and reuse of certificates. This enables previously certified components to be used to build a device with in-built security assurances, without having to repeat a complete evaluation of the same component in each and every targeted market. This drives greater efficiency, security, innovation, and cost-savings across the certification process.
Importantly, both national and private certification bodies are creating and managing certification schemes based on the SESIP methodology.
About GlobalPlatform
GlobalPlatform is a technical standards organization that enables the efficient launch and management of innovative, secure-by-design digital services and devices, which deliver end-to-end security, privacy, simplicity, and convenience to users. It achieves this by providing standardized technologies and certifications that empower technology and service providers to develop, certify, deploy, and manage digital services and devices in line with their business, security, regulatory and data protection needs.
GlobalPlatform technologies are used in billions of smart cards, smartphones, wearables, and other connected and IoT devices to enable convenient and trusted digital services across market sectors, including healthcare, government and enterprise ID, payments, smart cities, industrial automation, smart home, telecoms, transportation, utilities, and OEMs.
GlobalPlatform standardized technologies and certifications are developed through effective industry-driven collaboration, led by multiple diverse member companies working in partnership with industry and regulatory bodies and other interested parties from around the world.
Learn more about SESIP Methodology.