Certification services for connected products

The Security Evaluation Standard for IoT Platforms (SESIP), published by GlobalPlatform and CEN CENELEC, provides an optimised version of the Common Criteria methodology applied to certification of IoT platforms and their components. Developers can trust that SESIP certified platforms and components will deliver the correct levels of security, enabling them to focus on their primary goal of delivering robust and secure products by design

SESIP offers a scalable solution to reduce security fragmentation in IoT devices by allowing a single evaluation to provide evidence for multiple certification requirements. This simplifies the process and eliminates the need for multiple security evaluations. SESIP certification aligns with global standards such as IEC 62443-4-2, ISO 21434 and the Cyber Resilience Act.

Brightsight CB has been designated by GlobalPlatform as SESIP Certification Body for assurance levels 1 to 3.

Brightsight CB is working with the following licensed evaluation laboratories (ITSEFs).

Spain’s digital infrastructure is protected by a robust regulatory framework designed to safeguard information systems in the public sector, as well as private entities working alongside government bodies. At the heart of this landscape is the National Cryptologic Center (CCN), established by Royal Decree 421/2004 and operating under the National Centre of Intelligence (CNI).

The Spanish National Security Scheme (Esquema Nacional de Seguridad, or ENS) provides a framework of security requirements to safeguard information within electronic administration. Its goal is to ensure the protection of personal and confidential data exchanged through online channels, thereby strengthening trust in digital public services. Compliance with ENS standards demonstrates that your information systems are secure, reliable and meet both industry and governmental requirements.

The ENS divides system requirements into three security categories - High, Medium, and Basic - ensuring tailored security for each use case. The Basic category can be achieved by a self-declaration. The Medium and High categories require certification from an accredited Certification Body (CB).

To streamline compliance, the CPSTIC Product Catalogue - managed by the CCN - serves as an authoritative listing of security products and services for information and communication technology (ICT) systems under the ENS. It helps public and private entities find security products and services for information and communication technology (ICT) systems under the ENS.

As an ENAC-accredited Certification Body (see English or Spanish), Brightsight CB manages the entire certification lifecycle, including initial auditing, technical review, and certificate issuance.

ENS certification is valid for up to two years, and per Article 38 of the ENS, all systems must undergo a comprehensive audit at least biennially to remain compliant. Our certification process rigorously assesses your information systems against the principles and requirements set out in Annex II of Royal Decree 311/2022.

The ENS certificates are published on the National Cryptographic Center (CCN) website.