Brightsight is recognised by the Global System for Mobile Communications Association (GSMA) as a security lab providing the service of GSMA IoT Security Assessment, which offers IoT security capability to the wider ecosystem. This service can help companies without the necessary resources or expertise complete an assessment and test their IoT solutions to ensure end-to-end security.
The assessment provides companies with a flexible framework that addresses the diversity of the IoT market, enabling them to build secure IoT devices and solutions as clarified in the GSMA IoT Security Guidelines. This is a comprehensive set of practices promoting the secure end-to-end design, development and deployment of IoT solutions. Companies that typically adopt the security guidelines include IoT service providers, platform vendors and device vendors.
Benefits of GSMA IoT Security Assessment
Based on a structured approach and concise security controls
Covers the entire ecosystem
Can fit into a supply chain model
Provides a flexible framework that addresses the diversity of the IoT market
Mobile Device Security Certification (MDSCERT)
Ensure your mobile devices meet industry standards
The Mobile Device Security Certification (MDSCert) is a standardized security certification framework designed to enhance industry-wide security assurance. It provides greater transparency regarding the security capabilities of mobile devices, including smartphones, tablets, Chromebooks, and TVs running mobile operating systems.
Device Hardware
Firmware and Operating System
Physical and Logical Interfaces
Preloaded Software
OTA Software Updates
TrustCB is the owner and operator of the MDSCert scheme.
MDSCert is recognized globally, providing assurance that your mobile devices meet GSMA security benchmarks.
Our MDSCert evaluation process
Brightsight offers comprehensive testing at all Security Assurance Levels to ensure full compliance with MDSCert.
1. Application Phase
2. Evaluation Phase
3. Certification Phase
Before submission, the developer shall contact the lab and complete the application form with the lab’s support
The developer submits the application form and MDSCert questionnaire to the certification body.
Evaluation evidence, including the completed questionnaire, is then submitted to the lab.
Brightsight also provides pre-evaluation consultation services.
Leveraging our expertise, we proudly offer comprehensive support to our customers as part of our consultancy services. Before the evaluation, we assist in building tailored documentation and completing the MDSCert questionnaire, ensuring a seamless and efficient process.
Level 1
Verification of developer’s self-assessment
Level 2
Documentation Review + Functional testing (ATE_IND.2)
Level 3
Level 2 + Vulnerability Analysis & Penetration testing (AVA_VAN.2)
For optimization, the application phase for Level 1 is combined with the evaluation phase.
For level 1
No Verification by the Certification Body
For level 2 and 3
We submit our findings evaluation reports to the certification body for final approval
Our expertise in penetration testing and vulnerability analysis makes us the ideal partner for Level 2 & 3 evaluations
Why choose Brightsight?
Faster Testing & Certification
Expert Security Evaluations
Flexible & Customizable Testing
Proven Compliance Expertise
Reduce time to market
Specializing in AVA_VAN.2 penetration testing
Tailored to your product’s needs
Ensuring full adherence to ETSI & GSMA standards
Brightsight is a top choice for conducting MDSCert evaluations, having been closely involved in the program’s evolution. As a partner in Google’s ADSRP initiative from the very beginning, we’ve gained deep insight into the development of security guidelines and requirements, which positions us with strong expertise in product evaluations.
Additionally, with decades of experience in mobile security, we bring comprehensive industry knowledge to the table. We’re excited to support you on your journey to achieving MDSCert certification, ensuring a smooth, efficient, and successful evaluation process.
