In response to the increasing use of GlobalPlatform’s Security Evaluation Standard for IoT Platforms (SESIP) methodology, the organisation has introduced several initiatives to further promote adoption. These initiatives include the launch of new certification stamps, an increase in the number of laboratories and certification bodies (CBs), new partnerships, and the creation of an adopter programme. Collectively, these efforts enhance IoT security by enabling the methodology’s adoption across new sectors, use cases, and markets.
“We are at an inflection point in SESIP adoption,” said Gil Bernabeu, CTO of GlobalPlatform. “SESIP is getting recognised for eliminating the complexity and fragmentation surrounding security evaluation, making IoT device security economically viable for the entire value chain. It helps the market identify and align relevant security requirements, implement appropriate security in devices, and demonstrate compliancy across markets, while minimising costs, effort, and time-to-market. The recent ratification of SESIP as a European Standard (EN 17927) serves as both a vote of confidence and a trigger for further adoption.”
SESIP has quickly become an internationally recognised standard for security evaluation, supported by a large community of security providers, industry bodies, security laboratories, and other stakeholders.
The longstanding certification body TrustCB has already issued 47 SESIP certificates to companies including NXP Semiconductors, STMicroelectronics, and Winbond Electronics Corporation. These products were evaluated by an expanding group of GlobalPlatform licensed security laboratories. Currently, these labs include Applus+, Riscure, SERMA, SGS Brightsight, and Thales ITSEF, with more expected to join in the coming year. Additionally, two more certification bodies are working to become GlobalPlatform SESIP CBs, which will increase capacity and reach within the ecosystem.
Importantly, the methodology is also utilised or referenced by bodies including the Car Connectivity Consortium (CCC), ETSI, FiRa Consortium, National Institute of Standards & Technology (NIST), PSA Certified, and Wireless Power Consortium. This adoption highlights the methodology’s value in strengthening IoT security across diverse vertical markets and use cases. It also assists device manufacturers using these technologies to assemble their final devices based on SESIP-certified software or hardware components, ensuring compliance with relevant regulations swiftly and efficiently.
The GlobalPlatform community is responsible for maintaining the methodology, enforcing a governance model with an associated quality brand between CBs, product vendors, and laboratories. To support and expedite growth, GlobalPlatform has introduced several important initiatives and resources:
- SESIP Committee & Working Groups – A dedicated Committee and Working Groups have been established to drive GlobalPlatform’s strategy for SESIP ecosystem development, initiate new technical projects, facilitate adoption efforts, and oversee governance. A primary focus is to engage with regulators and the security evaluation ecosystem to identify requirements and demonstrate SESIP’s applicability for different regions and vertical markets
- New SESIP Product, Lab, and Certification Body Marks – A suite of branded logos has been made available for certified products, and accredited laboratories and certification bodies, to promote and bring trust to their offerings
- SESIP Profiles and Mappings – GlobalPlatform develops and maintains a growing suite of SESIP Profiles and Mapping documents to facilitate adoption and use of the methodology. SESIP Profiles are used in the security evaluation of a component or device, while SESIP Mappings bridge the security requirements defined in the methodology with those of global cybersecurity regulations
- SESIP Adopters Community – As the methodology is now used by a diverse range of stakeholders, GlobalPlatform has created the ‘SESIP Adopters’ community. This programme informs non-members about the latest GlobalPlatform SESIP developments, provides access to relevant technical documents, and allows them to showcase their certified products and/or support for SESIP
“SESIP leverages the expertise of the GlobalPlatform ecosystem to incorporate better cybersecurity in IoT devices, at the right cost and aligned with market regulation,” added Bernabeu. “By giving stakeholders a single point of reference for IoT cybersecurity, regardless of their security expertise, we can collectively raise the bar for security. But we need to reach beyond this GlobalPlatform community. These programs, partnerships and resources will extend our ecosystem, enabling anyone to join us in driving the development of SESIP for the benefit of the growing IoT industry.”
There’s plenty of other editorial on our sister site, Electronic Specifier! Or you can always join in the conversation by commenting below or visiting our LinkedIn page.