Mobile Device Security Certification (MDSCERT)
Ensure your mobile devices meet industry standards
The Mobile Device Security Certification (MDSCert) is a standardized security certification framework designed to enhance industry-wide security assurance. It provides greater transparency regarding the security capabilities of mobile devices, including smartphones, tablets, Chromebooks, and TVs running mobile operating systems.
Devices are assessed based on the GSMA MDSCert Security Requirements ([GSMA-FS.56]), which are built upon the ETSI Consumer Mobile Device Protection Profile ([ETSI TS 103 732] series).This ensures compliance across key security aspects, including:
- Device Hardware
- Firmware & Operating System
- Physical & Logical Interfaces
- Preloaded Software
- OTA Software Updates
TrustCB is the owner and operator of the MDSCert scheme. MDSCert is recognized globally, providing assurance that your mobile devices meet GSMA security benchmarks.
- Device Hardware
- Firmware & Operating System
- Physical & Logical Interfaces
- Preloaded Software
- OTA Software Updates
MDSCert is recognized globally, providing assurance that your mobile devices meet GSMA security benchmarks.
Our MDSCert evaluation process
Brightsight offers comprehensive testing at all Security Assurance Levels to ensure full compliance with MDSCert.
1. Application Phase
Before submission, the developer shall contact the lab and complete the application form with the lab’s support.
The developer submits the application form and MDSCert questionnaire to the certification body.
Evaluation evidence, including the completed questionnaire, is then submitted to the lab.
Brightsight also provides pre-evaluation consultation services.
Leveraging our expertise, we proudly offer comprehensive support to our customers as part of our consultancy services. Before the evaluation, we assist in building tailored documentation and completing the MDSCert questionnaire, ensuring a seamless and efficient process.
2. Evaluation Phase
·Level 1: Verification of developer’s self-assessment
·Level 2: Documentation Review + Functional testing (ATE_IND.2)
·Level 3: Level 2 + Vulnerability Analysis & Penetration testing (AVA_VAN.2)
For optimization, the application phase for Level 1 is combined with the evaluation phase.
For optimization, the application phase for Level 1 is combined with the evaluation phase.
3. Certification Phase
For level 1: No Verification by the Certification Body
For level 2 & 3: We submit our findings evaluation reports to the certification body for final approval
Why choose Brightsight?
Faster Testing & Certification - Reduce time to market
Expert Security Evaluations – Specializing in AVA_VAN.2 penetration testing
Flexible & Customizable Testing – Tailored to your product’s needs
Proven Compliance Expertise – Ensuring full adherence to ETSI & GSMA standards
Brightsight is a top choice for conducting MDSCert evaluations, having been closely involved in the program’s evolution. As a partner in Google’s ADSRP initiative from the very beginning, we’ve gained deep insight into the development of security guidelines and requirements, which positions us with strong expertise in product evaluations. Additionally, with decades of experience in mobile security, we bring comprehensive industry knowledge to the table. We’re excited to support you on your journey to achieving MDSCert certification, ensuring a smooth, efficient, and successful evaluation process.
