BS EN 17927:2023

$215.11

Security Evaluation Standard for IoT Platforms (SESIP). An effective methodology for applying cybersecurity assessment and re-use for connected products

Published by: BSI
Publication date: 2023
Number of pages: 104

PDF Catalog

PDF page / Title (a page number is given only where an entry starts a new PDF page; entries without one are on the same page as the preceding entry)
7 1 Scope
2 Normative references
3 Terms, definitions, symbols and abbreviated terms
8 4 Overview
4.1 General
9 4.2 SESIP concepts
4.3 IoT use cases and threat model
4.3.1 General
4.3.2 Architecture
10 4.3.3 Assets
11 4.3.4 Attackers and threats
4.3.4.1 Base scenario
4.3.4.2 Extended scenario – physical access
4.3.4.3 Extended scenario – untrusted software
4.4 Connected product life cycle
13 4.5 Reusability in SESIP
4.5.1 General
4.5.2 Building connected products from connected platforms
4.5.2.1 Reuse of external evaluations
4.5.2.2 Reuse of platform parts evaluations
15 4.5.2.3 Reuse of platform evaluation in connected products
16 4.5.3 Additive composition within SESIP
4.5.3.1 General
17 4.5.3.2 Composition evaluation rules
18 4.5.3.3 Assurance level of compositions
4.6 Accessibility and transparency
19 4.7 Security self-assessment in SESIP
4.8 Catalogue of security features and assurance packages
20 4.9 SESIP profiles and mappings
4.9.1 General
4.9.2 SESIP profiles
4.9.3 SESIP mappings
21 5 Security Functional Requirements (SFRs)
5.1 General
5.2 Identification and attestation of platforms and applications
5.2.1 General
22 5.2.2 Verification of platform identity
5.2.2.1 Requirement
5.2.3 Verification of platform instance identity
5.2.3.1 Requirement
5.2.3.2 Value
5.2.3.3 Considerations
5.2.4 Attestation of platform genuineness
5.2.4.1 Requirement
5.2.4.2 Value
23 5.2.4.3 Considerations
5.2.5 Secure initialization of platform
5.2.5.1 Requirement
5.2.5.2 Value
5.2.5.3 Considerations
5.2.6 Attestation of platform state
5.2.6.1 Requirement
5.2.6.2 Value
5.2.6.3 Consideration
5.2.7 Attestation of application genuineness
5.2.7.1 Requirement
5.2.7.2 Value
24 5.2.7.3 Considerations
5.2.8 Attestation of application state
5.2.8.1 Requirement
5.2.8.2 Value
5.2.8.3 Considerations
5.3 Product Life Cycle: Factory reset / Install / Update / Decommission
5.3.1 General
5.3.2 Factory reset of platform
5.3.2.1 Requirement
5.3.2.2 Value
5.3.2.3 Considerations
25 5.3.3 Secure install of application
5.3.3.1 Requirement
5.3.3.2 Value
5.3.3.3 Consideration
5.3.4 Secure update of platform
5.3.4.1 Requirement
5.3.4.2 Value
5.3.4.3 Considerations
26 5.3.5 Secure update of application
5.3.5.1 Requirement
5.3.5.2 Value
5.3.5.3 Consideration
5.3.6 Secure uninstall of application
5.3.6.1 Requirement
5.3.6.2 Value
5.3.6.3 Considerations
27 5.3.7 Decommission of platform
5.3.7.1 Requirement
5.3.7.2 Value
5.3.7.3 Considerations
5.3.8 Field return of platform
5.3.8.1 Requirement
5.3.8.2 Value
5.3.8.3 Considerations
5.4 Secure communication
5.4.1 General
5.4.2 Secure communication support
5.4.2.1 Requirement
28 5.4.2.2 Value
5.4.2.3 Considerations
5.4.3 Secure communication enforcement
5.4.3.1 Requirement
5.4.3.2 Value
5.4.3.3 Considerations
29 5.5 Extra attacker resistance
5.5.1 General
5.5.2 Limited physical attacker resistance
5.5.2.1 Requirement
5.5.2.2 Value
5.5.2.3 Considerations
30 5.5.3 Physical attacker resistance
5.5.3.1 Requirement
5.5.3.2 Value
5.5.3.3 Considerations
5.5.4 Software attacker resistance: Isolation of platform
5.5.4.1 Requirement
5.5.4.2 Value
5.5.4.3 Considerations
5.5.5 Software attacker resistance: Isolation of platform parts
5.5.5.1 Requirement
5.5.5.2 Value
31 5.5.5.3 Considerations
5.5.6 Software attacker resistance: Isolation of application parts
5.5.6.1 Requirement
5.5.6.2 Value
5.5.6.3 Considerations
5.6 Cryptographic functionality
5.6.1 General
5.6.2 Cryptographic operation
5.6.2.1 Requirement
5.6.2.2 Value
32 5.6.2.3 Considerations
5.6.3 Cryptographic key generation
5.6.3.1 Requirement
5.6.3.2 Value
5.6.3.3 Considerations
33 5.6.4 Cryptographic keyStore
5.6.4.1 Requirement
5.6.4.2 Value
5.6.4.3 Considerations
5.6.5 Cryptographic random number generation
5.6.5.1 Requirement
5.6.5.2 Value
5.6.5.3 Considerations
34 5.7 Compliance functionality
5.7.1 General
5.7.2 Secure trusted storage
5.7.2.1 Requirement
5.7.2.2 Value
5.7.2.3 Considerations
5.7.3 Secure confidential storage
5.7.3.1 Requirement
5.7.3.2 Value
5.7.3.3 Considerations
5.7.4 Secure encrypted storage
5.7.4.1 Requirement
5.7.4.2 Value
35 5.7.4.3 Considerations
5.7.5 Secure data serialization
5.7.5.1 Requirement
5.7.5.2 Value
5.7.5.3 Considerations
36 5.7.6 Residual information purging
5.7.6.1 Requirement
5.7.6.2 Value
5.7.6.3 Considerations
5.7.7 Audit log generation and storage
5.7.7.1 Requirement
5.7.7.2 Value
5.7.7.3 Considerations
37 5.7.8 Reliable index
5.7.8.1 Requirement
5.7.8.2 Value
5.7.8.3 Considerations
5.7.9 Secure debugging
5.7.9.1 Requirement
5.7.9.2 Value
5.7.9.3 Considerations
5.7.10 Secure recovery
5.7.10.1 Requirement
5.7.10.2 Value
38 5.7.10.3 Considerations
5.7.11 Secure backup and restore
5.7.11.1 Requirement
5.7.11.2 Value
5.7.11.3 Considerations
5.7.12 Generic security platform feature
5.7.12.1 Requirement
5.7.12.2 Value
5.7.12.3 Considerations
5.8 Access control
5.8.1 General
5.8.2 Privileged access control
5.8.2.1 Requirement
39 5.8.2.2 Value
5.8.2.3 Considerations
5.8.3 Authenticated access control
5.8.3.1 Requirement
5.8.3.2 Value
5.8.3.3 Considerations
5.9 Availability
5.9.1 General
5.9.2 Constrained demands on the environment capability
5.9.2.1 Requirement
5.9.2.2 Value
40 5.9.2.3 Considerations
5.9.3 Availability support
5.9.3.1 Requirement
5.9.3.2 Value
5.9.3.3 Considerations
5.10 Minimum security functional requirements set
6 Security Process Packages (SPPs)
6.1 General
41 6.2 Secure development
6.2.1 Requirement
6.2.2 Value
6.2.3 Considerations
6.3 Trust provisioning
6.3.1 Requirement
6.3.2 Value
42 6.3.3 Considerations
7 Security Assurance Requirements (SARs)
7.1 Security assurance requirements in SESIP
7.2 Security Target requirements
7.2.1 General
7.2.2 ASE_INT.SESIP
43 7.2.3 ASE_OBJ.SESIP
7.2.4 ASE_REQ.SESIP
45 7.2.5 ASE_TSS.SESIP
7.3 Guidance documents requirements
7.3.1 AGD_PRE.SESIP
46 7.3.2 AGD_OPE.SESIP
7.4 Development requirements
7.4.1 ADV_ARC.SESIP
47 7.4.2 ADV_TDS.SESIP
7.4.3 ADV_FSP.SESIP
48 7.4.4 ADV_IMP.SESIP
7.5 Life-cycle support requirements
7.5.1 ALC_CMC.SESIP
49 7.5.2 ALC_CMS.SESIP
7.5.3 ALC_DEL.SESIP
7.5.4 ALC_DVS.SESIP
50 7.5.5 ALC_FLR.SESIP
51 7.5.6 ALC_TAT.SESIP
7.6 Tests requirements
7.6.1 ATE_COV.SESIP
7.6.2 ATE_DPT.SESIP
52 7.6.3 ATE_FUN.SESIP
7.6.4 ATE_IND.SESIP
53 7.7 Vulnerability assessment requirements
7.7.1 General
7.7.2 AVA_VAN.SESIP1
7.7.3 AVA_VAN.SESIP2
54 7.7.4 AVA_VAN.SESIP3
7.7.5 AVA_VAN.SESIP4
7.7.6 AVA_VAN.SESIP5
55 8 SESIP Assurance Levels
8.1 General
8.2 SESIP assurance level 1 (SESIP1)
8.2.1 General
56 8.2.2 Objectives
8.2.3 Assurance components
8.3 SESIP assurance level 2 (SESIP2)
8.3.1 General
57 8.3.2 Objectives
8.3.3 Assurance components
58 8.4 SESIP assurance level 3 (SESIP3)
8.4.1 General
8.4.2 Objectives
59 8.4.3 Assurance components
8.5 SESIP assurance level 4 (SESIP4)
8.5.1 General
8.5.2 Objectives
8.5.3 Assurance components
60 8.6 SESIP assurance level 5 (SESIP5)
8.6.1 General
8.6.2 Objectives
61 8.6.3 Assurance components
62 Annex A (informative) SESIP evaluation case example
63 Annex B (informative) Guidance — Attack potential rating
B.1 Principles
B.1.1 General
B.1.2 Identification and exploitation phases
B.1.3 Physical (local) attacks and remote attacks
B.2 Attack potential rating
66 Annex C (informative) Example use cases
C.1 Generic examples
C.1.1 IoT Cloud connectivity platform
68 C.1.2 Root-of-Trust based on a microcontroller
71 C.2 Examples for specific use cases
C.2.1 General
C.2.2 Secure update of a product (OTA)
72 C.2.3 A blood glucose measurement product (DTSec)
75 Annex D (informative) Security Target template
D.1 General
D.2 Security Target title page
D.3 Introduction
D.3.1 General
D.3.2 ST reference
D.3.3 Platform reference
D.3.4 Included guidance documents
76 D.3.5 (Optional) Other certification
D.3.6 Platform functional overview and description
D.4 Security objectives for the operational environment
D.4.1 Platform objectives for the operational environment
77 D.4.2 (Optional) Inherited objectives for the operational environment
D.5 Security requirements and implementation
D.5.1 Security Assurance Requirements
D.5.1.1 General
78 D.5.1.2 Flaw reporting procedure (ALC_FLR.SESIP)
D.5.1.3 Vulnerability survey (AVA_VAN.SESIP1)
D.5.2 Security Functional Requirements
D.5.2.1 General
D.5.2.2 Verification of platform identity
D.5.2.3 Secure update of platform
79 D.5.2.4
D.5.3 (Optional) Security Process Package
D.5.3.1 General
D.5.3.2
D.5.4 (Optional) Additional Security Functional/Process Requirements
D.5.4.1 General
80 D.5.4.2
D.6 Mapping and sufficiency rationales
D.6.1 General
D.6.2 SESIP1 sufficiency
82 D.6.3 SESIP2 sufficiency
84 D.6.4 SESIP3 sufficiency
86 D.6.5 SESIP4 sufficiency
90 D.6.6 SESIP5 sufficiency
94 Annex E (normative) Composition Guidelines
E.1 Introduction
E.2 SESIP composition process
95 E.3 SESIP composition evaluation activities
E.3.1 General
E.3.2 Guidelines for the developer of platform part to be integrated
E.3.2.1 Providing of composition information
96 E.3.3 Guidelines for the evaluator of platform part to be integrated
E.3.3.1 Verification of composition information
E.3.3.2 Writing of evaluation report for composition
E.3.4 Guidelines for developer of the composition
E.3.4.1 Analysis of composition information
97 E.3.4.2 Implementation of requirements for composition
E.3.4.3 Security claim in Security Target in composition context
98 E.3.4.4 Providing of composition information
E.3.5 Guidelines for evaluator of the composition
E.3.5.1 Analysis of the composition information
E.3.5.2 Implementation analysis
E.3.5.3 Testing
99 E.3.5.4 Composition reporting
100 Annex F (informative) SESIP in overall product securing process
F.1 Introduction
F.2 Risk analysis domain
101 F.3 Attack methods domain
F.4 Security assessment
102 F.5 Flaw remediation