The past years have shown that there are still vulnerabilities in the security of IoT devices. As a result, dozens of norms and regulations have been introduced around the world to make sure IoT products provide security and privacy by design. These products often have to meet requirements imposed by various public and private policy makers, all looking for evidence of security elements such as encryption, secure storage and secure communication. But not all IoT devices require the same level of certification, and there are simply too many of them to test individually.

Developers and manufacturers of IoT products are experts in other fields than security. Because of this, they lack the tools to clearly identify security functionalities, their strengths, and the metrics to qualify them in a standardised way. With this in mind, the Security Evaluation Standard for IoT Platforms (SESIP) was introduced. An IoT platform is software and hardware combined, ready to be implemented in IoT products.

Brightsight is a founding member of SESIP. SESIP has rapidly grown into an internationally recognised standard for security evaluation, supported by a large community of the top security providers in the hardware and software domains. It provides an optimised version of the Common Criteria methodology applied to certification of IoT platforms and their components. 

(hosted by GlobalPlatform and Brightsight)
Read the latest SESIP news here