• Government (ID)

    CONTACT US

Product Security Evaluation Services for Government (ID)

Demonstrating strong digital security for government applications

Governments rely on high-end digital ID products to fight cybercrime and identity forgery. Welfare fraud, or infrastructure hacks have consequences that can be expensive and devastating for society. Digital identification systems offer a high level of protection, provided that they are developed and implemented in a secure way.

Practically all governments follow renowned standards and rigorous certification schemes to have products verified before they are allowed on the market.

Global and EU standards

  • eIDAS (Electronic IDentification, Authentication and Trust Services) is a broad regulatory framework intended to harmonise EU countries from the perspective of digital signatures and certificates, timestamps, digital identity, digital sealing and web authentication.
  • Common Criteria (CC) is a global security certification method that follows a structured approach to analyse the security features of a product. CC has different levels and can verify products up to the highest level of security that exists for IT products today. This is crucial for certain government applications.
  • ICAO (International Civil Aviation Organization) is an agency of the United Nations that adopts standards and recommended practices concerning air navigation, its infrastructure, flight inspection, prevention of unlawful interference, and facilitation of border-crossing procedures for international civil aviation. Electronic passports must meet the security-relevant requirements of the ICAO standard to ensure integrity of the passport and the biometric data it contains from the passport holder.

A number of European governments additionally started their own national certification programmes. These ensure that IT products used to exchange information between government agencies meet a basic level of security. Hard disks, USB sticks, bit lockers and communication software are just some of the wide variety of products that fall into this category.

National certification schemes

  • BSPA is a programme of the Dutch General Intelligence and Security Service (AIVD) and Ministry of the Interior to confirm the security strength of IT products within a reasonable time frame and against a clear price scheme.
  • Lince is a Spanish national security certification programme, set up by the Spanish government. Vendors can account for the strength of their IT product by having a security evaluation performed, focusing on penetration testing, within a defined time frame. The programme aims to provide a basic security level with a black box attacker model and qualifies successfully evaluated products for the national security products catalogue. The developer can opt in for code review analysis and cryptographic function analysis according to the requirements of the Spanish government.

Services by SGS Brightsight

SGS Brightsight uses eIDAS, Common Criteria and the ICAO standard to evaluate products that are specifically designed for government usage. 

Typical products are electronic passports, identity cards, HSMs, Secure Signature Creation Devices, SAMs and electronic tachographs.

 

We provide different services, depending on the specific needs of your team and your product.

Security services

Government (ID) Standards & Recognitions

ETSI 419

ICAO 9303