National Security Certifications for IT/IoT Products — DON'T GET LOST
National Security Certifications for IT/IoT Products — DON'T GET LOST
- Last Updated: November 25, 2024
Guest Author
- Last Updated: November 25, 2024
In the EU there is currently a multitude of cybersecurity certification initiatives. However, the EU wants to set up an EU-wide certification framework through the Cybersecurity Act. Currently, the central European IT security evaluation criteria are based on mutual recognition (SOG-IS), but only the following Member States are part of it: Austria, Croatia, Estonia, Finland, France, Germany, Italy, Netherlands, Luxembourg, Poland, Spain and Sweden in addition to the UK and Norway.
Some have developed national certification initiatives that aren’t mutually recognized. Let’s have a look at a few national certifications for ICT products.
Image credit: John Schnobrich on Unsplash
Commercial Product Assurance (CPA)
CPA is a UK-based national scheme for commercial off-the-shelf products. It’s open to all vendors, suppliers, and developers of security products whose sales base is in the UK. Since it assures security products; they are assessed against SCs (Security Characteristics) for each product type. These include web application firewalls, encryption, and smart meters. SCs also have three mitigations or requirements that each product is expected to satisfy: development, verification, and deployment.Baseline Security Product Assessment (BSPA)
The Dutch Baseline Security Product Assessment scheme started its pilot phase in 2015. The scheme assesses the suitability of IT security products for use in the “sensitive but unclassified” domain. It’s pretty expensive to attain, and the overall process takes up to 2 months. The average costs of certification under Baseline Security Product Assessment in the Netherlands are around 40 thousand euros.
Certification Sécuritaire de Premier Niveau (CSPN)
The National Cybersecurity Agency of France (Agence Nationale de la sécurité des systèmes d’information – ANSSI) established CSPN in 2008. It’s an IT Security Certification Scheme that offers a cheaper, faster alternative to Common Criteria (CC) and Federal Information Processing Standard (FIPS) approach. CSPN is a pretty lightweight certification process that lasts up to 8 weeks and costs between 25 thousand and 35 thousand euros.
All of the security criteria that a product needs to meet, as well as the methodology and process of certification, are based on the standard created by the ANSSI. It only applies in France, although similar models might soon be adopted across the European Union and even the U.S.
SOG-IS MRA
The SOG-IS agreement (Senior Officials Group — Information Systems Security) came as a response to the EU Council Decision of March 31st, 1992. The participants of the Agreement are government agencies and organizations from EU or EFTA (European Free Trade Association) countries.
SOG-IS MRA is the leading certification mechanism in Europe, but it only includes 12 Member States plus Norway. It also hasn’t developed many protection profiles — it covers mainly digital signatures, digital tachograph, and smart cards.
How to make the best out of it?
You’ll likely require some of these national security certifications if you wish to sell your product in the UK, the Netherlands or France. The process can be long, but in most cases not as long as it is for a CC certification which can take over a year in some cases. Regardless of what the device you sell is, you might have to comply with the local security standards. These standards vary even across the EU, which makes the implementation process costly and time-consuming. The best solution to that is simply to meet all national security requirements at the same time by implementing a smart security assurance framework.
New Podcast Episode
The State of IoT Adoption
Recent Articles
Related Solutions
Service Intelligence for Auto Service Providers
Gain insights into bay utilization, crew performance, and improve customer satisfaction
Gain insights into bay utilization, crew performance, and improve customer satisfaction
Leverege
Leverege
Lot Management for Dealerships
Helping dealers with quicker theft recovery, more efficient reporting, and enhanced customer experience
Helping dealers with quicker theft recovery, more efficient reporting, and enhanced customer experience
Leverege
Leverege
Yard Management for Auto Manufacturers
Enabling workers to Instantly locate vehicles, reduce labor costs and better detection of bottlenecks to improve efficiency
Enabling workers to Instantly locate vehicles, reduce labor costs and better detection of bottlenecks to improve efficiency
Leverege
Leverege
Energy Monitoring for Grocery Stores
Helping retailers reduce and audit energy consumption while eliminating equipment downtime and lost inventory
Helping retailers reduce and audit energy consumption while eliminating equipment downtime and lost inventory
Leverege
Leverege
Inventory Visibility for Retailers
Equipping retailers with highly accurate inventory cycle counting to help increase sales and reduce theft
Equipping retailers with highly accurate inventory cycle counting to help increase sales and reduce theft
Leverege
Leverege
Related Solutions
Automotive
Service Intelligence for Auto Service Providers
Gain insights into bay utilization, crew performance, and improve customer satisfaction
Leverege
Automotive
Lot Management for Dealerships
Helping dealers with quicker theft recovery, more efficient reporting, and enhanced customer experience
Leverege
Automotive
Yard Management for Auto Manufacturers
Enabling workers to Instantly locate vehicles, reduce labor costs and better detection of bottlenecks to improve efficiency
Leverege
Retail
Energy Monitoring for Grocery Stores
Helping retailers reduce and audit energy consumption while eliminating equipment downtime and lost inventory
Leverege
Retail
Inventory Visibility for Retailers
Equipping retailers with highly accurate inventory cycle counting to help increase sales and reduce theft
Leverege