Billions of connected objects, performing or supporting extremely diverse activities, have become a reality and face cybersecurity threats that may compromise the reliability or privacy of data, the confidentiality of data or processes, and the integrity of the traditional information systems connected to the network of objects, e.g. in industrial environments. In this context, the emergence of security evaluation/certification schemes is already a reality, and it is also strongly encouraged by new regulations, such as the Cyber Act and ENISA’s renewed mandate in Europe. A security evaluation/certification scheme provides the framework for establishing and maintaining trust in cybersecurity products, processes and services.
Several well-known IT security schemes are already in place and pave the way: Common Criteria (ISO/IEC 15408 and 18405) in the general hardware and software IT field, NIST’s FIPS 140-2 for cryptographic modules, GSMA’s Security Accreditation Scheme (SAS) for the production sites and processes of mobile network operators’ (e)UICC suppliers, EMVCo and PCI for the financial ecosystem, national initiatives for critical infrastructures such as metering and industrial control systems, etc. This has enabled the emergence of numerous initiatives in new domains such as IoT devices and platforms. Moreover, industry and international standardization organizations are promoting the security-by-design principle through guidelines, best practices and self-assessment programs in multiple domains (automotive, industrial control, biometrics, medical devices, etc.).
Internet of Trust helps organizations to define their security schemes, including technical and organizational requirements and evaluation methodologies, lab accreditation criteria, and certification processes.
The definition of a security scheme can be summarized in three steps:
The first step is to identify the goals of the scheme’s owner and to outline its principles. Our approach consists in involving a representative group of stakeholders so that market expectations, domain-specific technology and life-cycle constraints are integrated from the start. This is the key to ensuring the feasibility of the scheme and to facilitating its adoption by the ecosystem.
The second step, the definition of the scheme itself, addresses four main axes: the scope; the evaluation methodology and test requirements; the lab accreditation criteria; and all the processes related to accreditation, evaluation and certification. This set of documents constitutes the scheme’s backbone and must comply with the highest standards.
The third step, the review and validation of the scheme’s principles and detailed specification by the stakeholders, is necessary and can be carried out either iteratively, throughout the design and writing of the scheme documentation, or at a chosen point in time. For some schemes, validation also comprises approval by evaluation authorities/certification bodies.
The delivery plan is tailored to meet the customer’s milestones and goals. Typical deliverables for the definition of a security scheme include:
Internet of Trust provides services that support the definition of security scheme documentation and facilitate the use of existing schemes to meet market requirements or regulations:
Definition of scheme requirements, which targets all or some of the following: definition of the scope of evaluation, development of the set of requirements a product/solution/service must comply with, and/or development of the methodology that labs must use to verify compliance. This translates, for example, into Protection Profiles, security guidelines, test plans and attack catalogs. The validation of the requirements may lead to the creation or involvement of dedicated working groups and, in some cases, to interaction with approval authorities. The scheme can use a standardized framework such as Common Criteria or CSPN, or be self-defined. This service applies to new schemes or to the update of existing schemes to comply, for instance, with new functional specifications or regulations such as the EU Cyber Act.
Definition of scheme processes, which targets all or some of the processes required to operate the scheme, such as the evaluation, certification or lab accreditation processes and their related procedures. These processes usually rely on standards such as ISO/IEC 17025 for testing or ISO 17065 for certification, applied to the specifics of the scope of evaluation and the stakeholders’ requirements. This service applies to new schemes or to the update of existing schemes.
Scheme requirements analysis, which targets the study of existing schemes against selected applicability criteria. The goals may be manifold, e.g. selection of the most relevant sets of requirements for a given type of product/solution/service, comparison of schemes’ characteristics, or translation or interpretation of one scheme’s requirements into another’s. This type of service aims to provide tools for understanding the evaluation and certification landscape and to guide the choice of an appropriate scheme.