This document describes a cybersecurity evaluation methodology, named SESIP, for components of connected ICT products. Security claims in SESIP are made on the basis of the security services offered by those components, which can be hardware or software. SESIP aims to support comparability between, and reuse of, independent security evaluations. It provides a common set of requirements for the security functionality of components, applicable to the foundational components of devices that are not application specific. The methodology also describes how evaluation results are reused.
This project is proposed as ISO-led common work under the Vienna Agreement, in cooperation with CEN-CLC JTC 13, with the objective of publishing an ISO standard technically identical to EN 17927:2023. The intent is to ensure one aligned text that supports global supply chains and international recognition of evaluation results, while avoiding duplication and divergence between European and international standards.
SESIP is a security evaluation framework for platforms (components) of connected products. SESIP focuses on the security services a platform offers to the next-layer software or application. SESIP defines a list of security services which can be used when creating SESIP profiles (similar to Protection Profiles) and when defining the Security Target of a particular platform under evaluation. The SESIP framework defines hierarchical assurance packages building on concepts and assurance classes already defined in ISO/IEC 15408-3. SESIP is a methodology that unifies compliance to security requirements and is suited to layered security, with composition and reuse of evaluation results, including into other schemes such as CSPN, BSZ, LINCE, FITCEM, ETSI EN 303 645 and IEC 62443-4-2 where needed.
Through this, and through clarity on the scope and depth of evaluation, the proposal creates assurance and trust throughout the layers. It gives developers and customers of platforms an easy-to-use cybersecurity assessment methodology for the parts of a device and for potential combinations of those parts. The evaluation framework can further help drive harmonization and expertise ramp-up on product cybersecurity across Europe for all stakeholders. The plain-English security claims are understandable by non-security experts. This will enable and accelerate the uptake of cybersecurity harmonization across the member states and industry.