Security Evaluation Standard for IoT Platforms (SESIP), published by GlobalPlatform, defines a standard for trustworthy assessment of the security of the IoT platforms, such that this can be re-used in fulfilling the requirements of various commercial product domains. TrustCB has used this standard to develop and operate the “TrustCB SESIP scheme”.

The security functionality provided by the platform is expressed using the catalog included. Commonly provided sets of functionality will be covered in SESIP profiles, such as Arm PSA L1 (Chip). Currently mappings for IEC 62443, Javacard, PP-0084, etc are also under development within TrustCB.

There are five Assurance Levels in SESIP, which are labelled and defined as:

• SESIP Assurance Level 1 (SESIP1) is a self-assessment-based level. There is no independent check by the evaluators the platform actually implements the SFRs. SESIP1 provides a basic level of assurance.
• SESIP Assurance Level 2 (SESIP2) is a black-box penetration testing level. This is the highest level that can be applied to a closed-source platform without cooperation by the developer. SESIP2 provides a moderate level of assurance.
• SESIP Assurance Level 3 (SESIP3) is a traditional white-box vulnerability analysis. The evaluation is structured around a time-limited source code analysis combined with a time-limited penetration testing effort. SESIP3 provides a substantial level of assurance.
• SESIP Assurance Level 4 (SESIP4) is exclusively for re-use of SOG-IS certified platforms or platform parts by licensed evaluation laboratories, allowing those platforms to utilize the mappings from SESIP to specific commercial product domains. A SESIP4 evaluation must then be performed as a complement to a SOG-IS certification that includes at least all the standard Common Criteria assurance components, and in particular AVA_VAN.4. The current methodology simply provides guidance on how to obtain a SESIP4 certificate in addition to such a SOG-IS certificate.
• SESIP Assurance Level 5 (SESIP5) is exclusively for re-use of SOG-IS certified platforms or platform parts by licensed evaluation laboratories, allowing those platforms to utilize the mappings from SESIP to specific commercial product domains. A SESIP5 evaluation must then be performed as a complement to a SOG-IS certification that includes at least all the standard Common Criteria assurance components, and in particular AVA_VAN.5. The current methodology simply provides guidance on how to obtain a SESIP5 certificate in addition to such a SOG-IS certificate.

Both the original (TrustCB) SESIP standard and the new GP SESIP standard versions can be used as they are equivalent in the SESIP levels and security functional requirements (the impact of the changes in the transition to the GP standard are minor). Use of the new GP SESIP standard version is encouraged though, as this one will be developed and maintained in the future.

The original SESIP standard is now archived, and will not be maintained now that the GP SESIP standard has been adopted by TrustCB (from April 2020). However, the certificates issued against the earlier SESIP standard remain valid.

TrustCB is working with the following licensed lab for the TrustCB SESIP scheme:

• Brightsight B.V. (Delft, The Netherlands and Barcelona, Spain)

TrustCB has awarded the following labs with Candidate status, reflecting that confidence in the lab’s technical competence to perform SESIP evaluations, while full Licensing is pending:

• Riscure B.V. (Delft, The Netherlands)
• Applus+ (Barcelona, Spain)
• SRC Security Research and Consulting GmbH (Bonn, Germany)
• UL VS Limited (Basingstoke, UK)
• UL Verification Services Pte Ltd. (Singapore)
• Serma Safety & Security (Pessac, France)

Further details of the licensed labs can be found under Labs