Cybersecurity Testing & Certification

Cybersecurity Evaluations and Certifications for a Safe, Secure and Reliable Future

Keeping people safe when they use technology is one of the key challenges, now and in the future. In today’s economy, almost everything is connected to the internet or to local networks. Securing devices, equipment, vehicles, machines and installations is vital in order to safeguard consumers and critical infrastructures alike. That is the reason why cybersecurity has become an essential part of both safety testing and connectivity testing.

DEKRA’s Cybersecurity division offers customers thorough cybersecurity evaluations and certification of products, processes and systems for many different markets, including IoT consumer, ICT and automotive. Our services cover the whole product life cycle, from design to maintenance and deployment:

Risk Analysis, Security Requirements Definition, Functional Testing and Threat Modelling
Vulnerability assessment and penetration testing before and after product launch
Certification against widely accepted cybersecurity standards and private schemes
Cybersecurity surveillance and maintenance during the entire product life cycle

Cybersecurity Package

DEKRA's cybersecurity suite helps our customers to address a wide range of specific cyber security issues and challenges.

We offer solutions for customers to test, evaluate and certify their devices against widely recognized standards such as Common Criteria (ISO 15408), FIPS 140-3 (ISO 19790), eIDAS regulation, LINCE, GSMA - NESAS 3GPP, as well as traditional cyber security services such as vulnerability assessment and penetration testing conducted by qualified engineers.

Additionally, DEKRA has obtained accreditations for private certification schemes such as CTIA, Amazon AVS, GSMA, or ioXt alliance, among others.

In addition to this, our experts already offer evaluations according to upcoming standards such as ETSI EN 303 645 which will be key within the Cybersecurity Act for consumer IoT devices within the European Union and additional countries that will adhere to it (Singapore, Australia).

The Common Criteria for Information Technology Security Evaluation (CC) is an international standard (ISO 15408) for cyber security certification. Certification according to the Common Criteria provides assurance that the implementation, specification and evaluation of an IoT product or system has been conducted in a sound and repeatable manner.

The CC standard defines seven evaluation assurance levels (EAL) which provide a sliding scale of assurance from EAL1 (lowest) to EAL7 (highest). At DEKRA, we can test and evaluate your products and systems in line with the CC.

Electronic Identification, Authentication and Trust Services (eIDAS) is an EU regulation on electronic identification and trust services for electronic transactions.

DEKRA, as an eIDAS Regulation (EU) 910/2014 Conformity Assessment Body assessing Trust Service Providers in compliance with ISO/IEC 17065 and ETSI EN 319 403, provides evaluation and compliance certification services, issuing both eIDAS Conformity Certificates and Conformity Assessment Reports.

The Federal Information Processing Standard 140-3 is a U.S. government computer security standard used to approve cryptographic modules. DEKRA is a Cryptographic Module Testing Laboratory and handles testing according to this standard for both the Canadian and US markets. DEKRA lab code is 200856-0.

DEKRA also offers cryptographic module testing according to the security requirements as stated in ISO 19790. This standard defines four security levels for cryptographic modules to provide for a wide spectrum of data sensitivity and a diversity of application environments.

DEKRA has been recognized by the IECEE, the global certification scheme for testing, assessment and certification against the IEC 62443 series of standards. CB certificates are accepted worldwide as proof of compliance with international standards and they provide reassurance that processes and products comply with stringent security requirements or standards.

CB cyber security certification gives your stakeholders peace of mind that your products, processes and solutions comply with the strict fundamental security requirements outlined in IEC 62443.

DEKRA can provide you with Achilles Communication Certification (ACC) from GE Digital. As the industry-leading benchmark for communication robustness, Achilles Communication Certification is highly recognized, particularly in North America, for operational technologies used in critical infrastructure.

We offer conformance testing and functional security evaluations for mobile network components according to these specifications: 3GPP TS 33.116 (MME), TS 33.117 (general), TS 33.216 (eNodeB) and TS 33.511 (gNodeB).

DEKRA is recognized by the GSMA as a security lab offering the GSMA IoT Security Assessment as a service, providing IoT security capability to the wider ecosystem. These services can help companies without the necessary resources or expertise to complete an assessment and test their IoT solutions to ensure end-to-end security.

The assessment provides companies with a flexible framework that addresses the diversity of the IoT market, enabling organizations to build secure IoT devices and solutions as clarified in the GSMA IoT Security Guidelines.

Cybersecurity Testing and Certification

Get in contact

Why DEKRA?

DEKRA Cyber Security Package

The DEKRA Cyber Security Package aims to secure your products, processes and systems by means of thorough product cyber security evaluations and certification.

Recognition of Common Criteria

DEKRA has acquired Epoche & Espri, specialized in testing internationally recognized security standards. Along with conformance testing against international frameworks such as FIPS 140-2 and ISO 19790, Epoche & Espri focuses on certification in line with the Common Criteria.

Strong product focus

At our international competence center, we make sure that we stay up to date in the field by continuously conducting research into security vulnerabilities. Our expert engineers have extensive knowledge of specific technologies and many years of experience with product security evaluations and penetration testing.