Security Evaluation Standard for IoT Platforms (SESIP) - An effective methodology for applying cybersecurity assessment and re-use for connected products

This document describes a cybersecurity evaluation methodology, named SESIP, for components of connected ICT products. Security claims in SESIP are made based on the security services offered by those components. Components can be in hardware and software. SESIP aims to support comparability between and reuse of independent security evaluations. SESIP provides a common set of requirements for the security functionality of components which apply to the foundational components of devices that are not application specific. The methodology describes the re-use of evaluation results.

Sicherheitsbewertungsstandard für IoT-Plattformen - Eine effektive Methode zur Anwendung der Cybersicherheitsbewertung und Wiederverwendung für vernetzte Produkte

This document describes a methodology, named SESIP, for evaluating the cybersecurity of platforms and platform parts of connected IoT products. Security claims in SESIP are made on the basis of the security services offered by these platforms. Platform parts can consist of hardware and software. SESIP aims to support comparability between independent security evaluations and their reuse. SESIP provides a set of common requirements for the security functionality of platform parts, which apply to the foundational platforms of devices that are not application specific. The methodology describes the reuse of evaluation results.

Norme d'évaluation de la sécurité pour les plates-formes IoT (SESIP) - Une méthodologie efficace pour appliquer l'évaluation de la cybersécurité et la réutilisation des produits connectés

This document describes a cybersecurity evaluation methodology, named SESIP, for platforms and platform parts of connected IoT products. Security claims in SESIP are based on the security services offered by these platforms. Platform parts can be hardware or software. SESIP aims to foster the comparability and reuse of independent security evaluations. SESIP provides a common set of requirements for the security functionality of platform parts that apply to the foundational platforms of devices that are not application specific. The methodology describes the reuse of evaluation results.

Standard ocenjevanja varnosti za platforme IoT (SESIP) - Učinkovita metodologija za uporabo ocene kibernetske varnosti in ponovno uporabo za povezane izdelke

General Information

Status: Published
Public Enquiry End Date: 09-Feb-2023
Publication Date: 22-Feb-2024
Technical Committee:
Current Stage: 6060 - National Implementation/Publication (Adopted Project)
Start Date: 13-Feb-2024
Due Date: 19-Apr-2024
Completion Date: 23-Feb-2024

Standard
EN 17927:2024
English language
101 pages
Draft
prEN 17927:2023
English language
101 pages

Standards Content (Sample)

SLOVENIAN STANDARD
SIST EN 17927:2024
01-April-2024
Standard ocenjevanja varnosti za platforme IoT (SESIP) - Učinkovita metodologija za uporabo ocene kibernetske varnosti in ponovno uporabo za povezane izdelke
Security Evaluation Standard for IoT Platforms (SESIP) - An effective methodology for applying cybersecurity assessment and re-use for connected products
Sicherheitsbewertungsstandard für IoT-Plattformen - Eine effektive Methode zur Anwendung der Cybersicherheitsbewertung und Wiederverwendung für vernetzte Produkte
Norme d'évaluation de la sécurité pour les plates-formes IoT (SESIP) - Une méthodologie efficace pour appliquer l'évaluation de la cybersécurité et la réutilisation des produits connectés
This Slovenian standard is identical to: EN 17927:2023
ICS:
35.030 IT Security
35.240.95 Internet applications
SIST EN 17927:2024 en,fr,de
2003-01. Slovenian Institute for Standardization. Reproduction of this standard, in whole or in part, is not permitted.


EUROPEAN STANDARD EN 17927

NORME EUROPÉENNE

EUROPÄISCHE NORM
November 2023
ICS 35.030; 35.240.95

English version

Security Evaluation Standard for IoT Platforms (SESIP).
An effective methodology for applying cybersecurity
assessment and re-use for connected products.
Norme d'évaluation de la sécurité pour les plates-formes IoT (SESIP) - Une méthodologie efficace pour appliquer et réutiliser des évaluations de la cybersécurité de produits connectés
Sicherheitsbewertungsstandard für IoT-Plattformen - Eine effektive Methode zur Anwendung der Cybersicherheitsbewertung und Wiederverwendung für vernetzte Produkte
This European Standard was approved by CEN on 13 April 2023.

CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for
giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical
references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to
any CEN and CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC
Management Centre has the same status as the official versions.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and United Kingdom.

CEN-CENELEC Management Centre:
Rue de la Science 23, B-1040 Brussels
© 2023 CEN/CENELEC All rights of exploitation in any form and by any means reserved worldwide for CEN national Members and for CENELEC Members.
Ref. No. EN 17927:2023 E

Contents
European foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions, symbols and abbreviated terms
4 Overview
5 Security Functional Requirements (SFRs)
6 Security Process Packages (SPPs)
7 Security Assurance Requirements (SARs)
8 SESIP Assurance Levels
Annex A (informative) SESIP evaluation case example
...

SLOVENIAN STANDARD
oSIST prEN 17927:2023
01-February-2023
Standard ocenjevanja varnosti za platforme IoT (SESIP) - Učinkovita metodologija za uporabo ocene kibernetske varnosti in ponovno uporabo za povezane izdelke
Security Evaluation Standard for IoT Platforms (SESIP) - An effective methodology for applying cybersecurity assessment and re-use for connected products
Sicherheitsbewertungsstandard für IoT-Plattformen - Eine effektive Methode zur Anwendung der Cybersicherheitsbewertung und Wiederverwendung für vernetzte Produkte
Norme d'évaluation de la sécurité pour les plates-formes IoT (SESIP) - Une méthodologie efficace pour appliquer l'évaluation de la cybersécurité et la réutilisation des produits connectés
This Slovenian standard is identical to: prEN 17927
ICS:
35.030 IT Security
35.240.95 Internet applications
oSIST prEN 17927:2023 en,fr,de
2003-01. Slovenian Institute for Standardization. Reproduction of this standard, in whole or in part, is not permitted.


EUROPEAN STANDARD DRAFT
prEN 17927
NORME EUROPÉENNE

EUROPÄISCHE NORM

December 2022
ICS 35.030; 35.240.95

English version

Security Evaluation Standard for IoT Platforms (SESIP).
An effective methodology for applying cybersecurity
assessment and re-use for connected products.
Norme d'évaluation de la sécurité pour les plates-formes IoT (SESIP) - Une méthodologie efficace pour appliquer l'évaluation de la cybersécurité et la réutilisation des produits connectés
Sicherheitsbewertungsstandard für IoT-Plattformen - Eine effektive Methode zur Anwendung der Cybersicherheitsbewertung und Wiederverwendung für vernetzte Produkte
This draft European Standard is submitted to CEN members for enquiry. It has been drawn up by the Technical Committee
CEN/CLC/JTC 13.

If this draft becomes a European Standard, CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal
Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any
alteration.

This draft European Standard was established by CEN and CENELEC in three official versions (English, French, German). A
version in any other language made by translation under the responsibility of a CEN and CENELEC member into its own language
and notified to the CEN-CENELEC Management Centre has the same status as the official versions.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and United Kingdom.

Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are
aware and to provide supporting documentation.

Warning: This document is not a European Standard. It is distributed for review and comments. It is subject to change without
notice and shall not be referred to as a European Standard.

Contents
European foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions, symbols and abbreviated terms
4 Overview
5 Security Functional Requirements (SFRs)
6 Security Process Packages (SPPs)
7 Security Assurance Requirements (SARs)
...
