
The Security Evaluation Standard for IoT Platforms (SESIP), published by GlobalPlatform and by CEN CENELEC, defines a standard for the trustworthy assessment of the security of IoT platforms. It is designed to be efficient and re-usable in fulfilling the requirements of various commercial product domains. SESIP provides the technical basis for the TrustCB SESIP scheme. We support both the GlobalPlatform and the CEN CENELEC versions of SESIP.
The security functionality provided by the platform is expressed using the SESIP catalogue. Commonly provided sets of functionality have been published as SESIP profiles by organisations including GlobalPlatform and PSA Certified.
There are five Assurance Levels in SESIP, labelled and defined as:
- SESIP Assurance Level 1 (SESIP1); a self-assessment-based level. There is no independent check by the evaluators that the platform actually implements the security functional requirements (SFRs). SESIP1 provides a basic level of assurance.
- SESIP Assurance Level 2 (SESIP2); a black-box penetration testing level. The highest level that can be applied to a closed-source platform without cooperation by the developer. SESIP2 provides a moderate level of assurance.
- SESIP Assurance Level 3 (SESIP3); a traditional white-box vulnerability analysis. The evaluation is structured around a time-limited source code analysis combined with a time-limited penetration testing effort. SESIP3 provides a substantial level of assurance.
- SESIP Assurance Level 4 (SESIP4); originally, in GP SESIP, this was intended for re-use of SOG-IS certified platforms or platform parts by licensed evaluation laboratories, allowing those platforms to utilize the mappings from SESIP to specific commercial product domains. It can still be used for re-use of SOG-IS/EUCC certification; however, CEN CENELEC has explicitly added a SESIP-only evaluation methodology to the CEN CENELEC SESIP standard, so SESIP-only SESIP4 and SESIP5 evaluations are possible.
- SESIP Assurance Level 5 (SESIP5); this level, too, was originally intended in GP SESIP for re-use of SOG-IS certified platforms or platform parts by licensed evaluation laboratories, allowing those platforms to utilize the mappings from SESIP to specific commercial product domains. With CEN CENELEC’s addition of the stand-alone evaluation methodology, a SESIP-only CEN CENELEC SESIP5 evaluation certification is possible.
TrustCB is a GlobalPlatform member certification body issuing certificates in accordance with:
- GlobalPlatform SESIP GP_FST_070
- CEN CENELEC EN17927

For details of the ITSEFs/evaluation labs that have been licensed by TrustCB for this scheme, visit our Labs page and look for labs that include TrustCB SESIP Scheme in their listing.
Security Evaluation Standard for IoT Platforms
CEN/CENELEC EN17927
(or any CEN member shop)