Skip to searchSkip to main content
  • Global System for Mobile Communications Association

Brightsight is recognised by the Global System for Mobile Communications Association (GSMA)  as a security lab providing the service of GSMA IoT Security Assessment, which offers IoT security capability to the wider ecosystem. This service can help companies without the necessary resources or expertise complete an assessment and test their IoT solutions to ensure end-to-end security.

The assessment provides companies with a flexible framework that addresses the diversity of the IoT market, enabling them to build secure IoT devices and solutions as clarified in the GSMA IoT Security Guidelines. This is a comprehensive set of practices promoting the secure end-to-end design, development and deployment of IoT solutions. Companies that typically adopt the security guidelines include IoT service providers, platform vendors and device vendors.

Benefits of GSMA IoT Security Assessment

Based on a structured approach and concise security controls
Covers the entire ecosystem
Can fit into a supply chain model
Provides a flexible framework that addresses the diversity of the IoT market

If you are interested in a GSMA IoT Security assessment, please contact us

​Mobile Device Security Certification (MDSCERT)

Ensure your mobile devices meet industry standards

The Mobile Device Security Certification (MDSCert) is a standardized security certification framework designed to enhance industry-wide security assurance. It provides greater transparency regarding the security capabilities of mobile devices, including smartphones, tablets, Chromebooks, and TVs running mobile operating systems.

Devices are assessed based on the GSMA MDSCert Security Requirements (GSMA-FS.56), which are built upon the ETSI Consumer Mobile Device Protection Profile (ETSI TS 103 732 series). This ensures compliance across key security aspects, including:
Device Hardware
Firmware and Operating System
Physical and Logical Interfaces
Preloaded Software
OTA Software Updates

TrustCB is the owner and operator of the MDSCert scheme. 

MDSCert is recognized globally, providing assurance that your mobile devices meet GSMA security benchmarks.

Our MDSCert evaluation process

Brightsight offers comprehensive testing at all Security Assurance Levels to ensure full compliance with MDSCert.

1. Application Phase

2. Evaluation Phase

3. Certification Phase

Before submission, the developer shall contact the lab and complete the application form with the lab’s support

The developer submits the application form and MDSCert questionnaire to the certification body.

Evaluation evidence, including the completed questionnaire, is then submitted to the lab.
Brightsight also provides pre-evaluation consultation services.

Leveraging our expertise, we proudly offer comprehensive support to our customers as part of our consultancy services. Before the evaluation, we assist in building tailored documentation and completing the MDSCert questionnaire, ensuring a seamless and efficient process.

Level 1

Verification of developer’s self-assessment

Level 2

Documentation Review + Functional testing (ATE_IND.2)

Level 3

Level 2 + Vulnerability Analysis & Penetration testing (AVA_VAN.2)

For optimization, the application phase for Level 1 is combined with the evaluation phase.

For level 1

No Verification by the Certification Body

For level 2 and 3

We submit our findings evaluation reports to the certification body for final approval

Our expertise in penetration testing and vulnerability analysis makes us the ideal partner for Level 2 & 3 evaluations

Why choose Brightsight?

Faster Testing & Certification
Expert Security Evaluations
Flexible & Customizable Testing
Proven Compliance Expertise

Reduce time to market

Specializing in AVA_VAN.2 penetration testing

Tailored to your product’s needs

Ensuring full adherence to ETSI & GSMA standards

Brightsight is a top choice for conducting MDSCert evaluations, having been closely involved in the program’s evolution. As a partner in Google’s ADSRP initiative from the very beginning, we’ve gained deep insight into the development of security guidelines and requirements, which positions us with strong expertise in product evaluations.

Additionally, with decades of experience in mobile security, we bring comprehensive industry knowledge to the table. We’re excited to support you on your journey to achieving MDSCert certification, ensuring a smooth, efficient, and successful evaluation process.