SESIP
| SESIP | |
|---|---|
| Effective region | Worldwide |
| Effective since | 2018 |
| Type of standard | Security certification scheme |
| Website | https://globalplatform.org/sesip/ |
The Security Evaluation Standard for IoT Platforms (SESIP), published by GlobalPlatform,[1] defines a standard for the independent assessment of the security of Internet of Things (IoT) hardware and software components, and of their combination into platforms and devices.[2] As an industry standard, it is maintained by worldwide industry actors in the security domain (e.g. chip manufacturers, software developers, OEMs, IoT vendors), security evaluation laboratories, and certification bodies.[3]
SESIP aims to address the fragmentation of security standards in the IoT ecosystem[4] by providing reusable evidence of the security services offered by core security hardware and software components.[5]
GlobalPlatform has supported SESIP as its methodology for IoT device security certification since April 8, 2020.[6]
SESIP Levels
The SESIP methodology characterises a component or platform in two ways: the security functionality it provides, expressed as a set of Security Functional Requirements (SFRs), and the strength of that functionality (its robustness against attack), expressed as a SESIP level.
The five SESIP levels are aligned with the vulnerability-analysis class AVA_VAN of Common Criteria (ISO/IEC 15408), since SESIP is a simplified adaptation of Common Criteria for the IoT domain; the higher the level, the more capable the attacker the product has been shown to resist. SESIP SFRs can be used to show resistance against different attack vectors, such as remote attacks, physical attacks and software attacks, or a combination of them.
Vulnerability and patch management
As a minimum precondition for a security assessment, SESIP requires that a vulnerability management policy be in place, so that a defined response exists should vulnerabilities be found after devices are deployed in the field.
Because SESIP applies to devices with basic and constrained capabilities, it works on the presumption that not all products can receive patches or updates. A vulnerability management policy is therefore mandatory, but the manufacturer is expected to state clearly, as policy or as a technical solution, how constrained devices that cannot be updated will be handled. A manufacturer may, for example, choose to replace affected units where that is more cost-effective than implementing an update mechanism.[7]
Industry Adoption
GlobalPlatform has published white papers supporting SESIP adoption, including "SESIP Applicability for EN 303 645" and "Quantifying Benefits of SESIP Reuse".
The reusability of SESIP evaluations has been addressed through mappings to other standards, such as the contribution of a mapping to NIST IR 8259A[8] to the NIST National Online Informative References (OLIR) program. Further SESIP mappings cover DTSec[9], ISO/SAE 21434, ETSI EN 303 645 and IEC 62443. A SESIP mapping is also included in Annex 2[10] of ETSI TS 103 732, the Consumer Mobile Device Protection Profile.
SESIP profiles are available for secure memories as well as for MCU platforms.
The PSA Certified program has published Protection Profiles[11] for PSA Certified Level 2 and PSA Certified Level 3 using the SESIP methodology.[12]
The SESIP standard has been adopted by several leading chip vendors and software platform vendors[13]:
Chip makers include Microchip[14], NXP Semiconductors[15], Renesas Electronics[16], Silicon Labs[17], STMicroelectronics[18], and Winbond[19].
Software platforms include Amazon Web Services FreeRTOS[20], Microsoft Azure RTOS[21], and Secure Thingz[22].
Accredited labs[23] include Applus+, Riscure, and SGS Brightsight.
References
- [1] "Security Evaluation Standard for IoT Platforms (SESIP) v1.1 | GP_FST_070". GlobalPlatform. Retrieved 2022-12-28.
- [2] "GlobalPlatform supports SESIP methodology for IoT device security certification". IoT Now News & Reports. 2020-04-08. Retrieved 2022-12-28.
- [3] GlobalPlatform (June 2021). "GlobalPlatform Technology - Security Evaluation Standard for IoT Platforms (SESIP) FAQ, Q2 – Who recognizes SESIP and who is using it?" (PDF).
- [4] Bernabeu, Gil (2022-09-29). "The benefits of IoT security evaluation reuse". Embedded.com. Retrieved 2022-12-28.
- [5] "Navigate IoT regulations at local and global levels". TechTarget IoT Agenda. Retrieved 2022-12-28.
- [6] "GlobalPlatform Supports SESIP Methodology for IoT Device Security Certification". GlobalPlatform. Retrieved 2022-12-28.
- [7] König, Sandra; Schiebeck, Stefan; Schauer, Stefan; Latzenhofer, Martin; Mayer, Peter; Fitzpatrick, Geraldine (May 2017). "Deliverable 3: Internet of Things Risk Analysis and Assessment. Project RISIoT: Market Analysis and Risk Assessment to Accelerate the Adoption of the Internet of Things in Austrian Enterprises" (PDF). RISIoT: Risk Assessment To Accelerate the Adoption of the Internet of Things. p. 9.
- [8] NIST Computer Security Division, Information Technology Laboratory (2020-09-08). "Informative Reference Details - National Online Informative References Program". CSRC, NIST. Retrieved 2022-12-28.
- [9] "Do no harm: Securing wireless medical devices". Med-Tech Innovation. 2021-10-18. Retrieved 2022-12-28.
- [10] "ETSI TS 103 732, CYBER; Consumer Mobile Device Protection Profile" (PDF). ETSI TC CYBER. November 2021. p. 44.
- [11] "IoT Security Certification Resources". PSA Certified (www.psacertified.org). Retrieved 2022-12-28.
- [12] Nordyk, Susan (2020-12-31). "MCU leverages IoT security assurance". EDN.com.
- [13] Cater, Denise. "SESIP Certificates". TrustCB. Retrieved 2022-12-28.
- [14] "SAM L10 and SAM L11 Families of Microcontrollers". Microchip Technology (www.microchip.com). Retrieved 2022-12-28.
- [15] NXP (2020). "SESIP Delivers Cost-Effective Security Evaluation for IoT" (PDF). NXP.
- [16] Renesas. "Renesas Extends IoT Security Leadership With PSA Certified Level 2 and SESIP Certification for RA Family Devices". Renesas.
- [17] "Third Party Accreditation". Silicon Labs (www.silabs.com). Retrieved 2022-12-28.
- [18] "STM32U5, First ST MCU to receive PSA Certified and SESIP Level 3 Certifications!". 2021-08-04. Retrieved 2022-12-28.
- [19] Winbond (2022-05-31). "Winbond TrustME® W77Q Secure Flash Obtains SESIP Level 2 with Physical Attacker Resistance Certification". Winbond.
- [20] "Why SESIP™ Certification for FreeRTOS Matters". FreeRTOS. 2021-03-01. Retrieved 2022-12-28.
- [21] "Azure RTOS security guidance for embedded devices". Microsoft Learn (learn.microsoft.com). Retrieved 2022-12-28.
- [22] "Security". IAR Systems (www.iar.com). 2022-10-13. Retrieved 2022-12-28.
- [23] Cater, Denise. "SESIP". TrustCB. Retrieved 2022-12-28.
This article "SESIP" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:SESIP. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.
