Cyber Security Testing & Certification

We work to create a safe, secure and reliable future

Safe is securing your products, processes and systems
Keeping people safe when they use technology is one of the key challenges, now and in the future. That is why cyber security has become an essential part of both safety testing and connectivity testing. Today, almost everything is connected to the internet or to local networks. Devices, equipment, vehicles, machines and installations are increasingly controlled either directly or via the cloud. Securing these products is vital in order to safeguard consumers and critical infrastructures alike.

In addition, numerous cyber security laws will be implemented in the near future. The Network and Information Systems (NIS) Directive for the protection of critical infrastructures has been implemented Europe-wide. By 2019, the EU and USA will have implemented their Cyber Security Act and Securing IoT Act, respectively, both of which will impose stringent requirements on the security of all Internet of Things (IoT) products.

Request a quote

+31 88 830 9613 (NL)

+ 34 952 619 100 (ES)

wireless.global.es@dekra.com
Why DEKRA?

DEKRA Cyber Security Package
The DEKRA Cyber Security Package aims to secure your products, processes and systems by means of thorough product cyber security evaluations and certification.

Recognition of Common Criteria
DEKRA has acquired Epoche & Espri, specialized in testing internationally recognized security standards. Along with conformance testing against international frameworks such as FIPS 140-2 and ISO 19790, Epoche & Espri focuses on certification in line with the Common Criteria.

International competence center
At our international competence center, we make sure that we stay up to date in the field by continuously conducting research into security vulnerabilities. Our expert engineers have extensive knowledge of specific technologies and many years of experience with product security evaluations and penetration testing.

Strong product focus
We have a strong product focus in cyber security evaluations and assessments for many different markets, including consumer products, ICT and automotive.
DEKRA Cyber Security Package

Depending on your product and market, you may have a number of specific cyber security challenges. The DEKRA Cyber Security Package aims to secure your products, processes and systems by means of thorough product cyber security evaluations and certification.

Our cyber security experts will design a tailor-made cyber security package according to your specific needs and challenges, optimized to offer you the best possible support. With just one contact person to guide you throughout the process, we will take away any last doubts that prevent you from working on a comprehensive implementation of cyber security best practices.

Our experts have run tailored cyber security packages for various markets, among which automotive, ICT and healthcare.

Selected recognitions

• Achilles Communication Certification
• IECEE CB Cyber Security Certification (IEC 62443)
• Common Criteria Evaluation
• ISO 15408
• ISO 19790
• FIPS 140-2
• 3GPP TR 33.916, TR 33.116, TR 33.117
• eIDAS certification body
Cyber Security
Survival paces and challenges in cyber security development. It’s interesting that when you google ‘trust’, many of the search results are about winning back trust, not just about establishing it.

Download greenpaper
Product cyber security evaluations

Our engineers have extensive expert knowledge of specific technologies and many years of experience with product security evaluations and penetration testing. In addition, they continuously conduct research into security vulnerabilities to stay up to date in their field. Without the need of a specific standard, we can evaluate whether your products are cyber secure using our formal and systematic security evaluation framework. The framework is based on recognized and well-known methodologies.

We perform the individual security evaluation based on a formal security assessment and penetration testing, conducted by our team of white hat cyber security professionals. Our services cover amongst others smart devices, healthcare devices, and the connected car and take i.a. hardware, protocols, web and cloud services, applications, and user interfaces into account to ensure a secure and reliable product.

Cyber security certification

Today’s and tomorrow’s consumers, operators of critical infrastructures, and regulators all expect secure and trusted communication devices. Third-party certification against security standards provides independent proof that your products and processes comply with stringent security requirements or standards. Are you looking to get your processes or products certified? Read on to find out how we can help you.
Cyber Security certification:

Common Criteria / ISO 15408
The Common Criteria for Information Technology Security Evaluation (CC) is an international standard (ISO 15408) for cyber security certification. Certification according to the Common Criteria provides assurance that the implementation, specification and evaluation of an IoT product or system has been conducted in a sound and repeatable manner.

The CC standard defines seven evaluation assurance levels (EAL) which provide a sliding scale of assurance from EAL1 (lowest) to EAL7 (highest). At DEKRA, we can test and certify your products and systems in line with the CC.

eIDAS Certification
Electronic Identification, Authentication and Trust Services (eIDAS) is an EU regulation on electronic identification and trust services for electronic transactions.

At DEKRA, we offer certification services for eIDAS as a certification body according to ETSI EN 319 409, ETSI EN 319 411, ETSI EN 319 412, ETSI EN 319 421, ETSI EN 319 422 and ETSI EN 319 401.

FIPS 140-2 / ISO 19790
The Federal Information Processing Standard 140-2 is a U.S. government computer security standard used to approve cryptographic modules. DEKRA is a Cryptographic Module Testing Laboratory and handles testing according to this standard for both the Canadian and US markets.

DEKRA also offers cryptographic module testing according to the security requirements as stated in ISO 19790. This standard defines four security levels for cryptographic modules to provide for a wide spectrum of data sensitivity and a diversity of application environments.

IEC 62443
DEKRA has been recognized by the IECEE, the global certification scheme for testing, assessment and certification against the IEC 62443 series of standards. CB certificates are accepted worldwide as proof of compliance with international standards and they provide reassurance that processes and products comply with stringent security requirements or standards.

CB cyber security certification gives your stakeholders peace of mind that your products, processes and solutions comply with the strict fundamental security requirements outlined in IEC 62443.

Achilles Communication
DEKRA can provide you with Achilles Communication Certification (ACC) from GE Digital. As the industry-leading benchmark for communication robustness, Achilles Communication Certification is highly recognized, particularly in North America, for operational technologies used in critical infrastructure.

3GPP for MME devices
We offer conformance testing and functional security evaluations for MME devices and mobile network elements according to these specifications: 3GPP TR 33.916, TR 33.116, and TR 33.117.

GSMA IoT Security Assessment
DEKRA is recognized by the GSMA as a security lab offering the GSMA IoT Security Assessment as a service, providing IoT security capability to the wider ecosystem. These services can help companies without the necessary resources or expertise to complete an assessment and test their IoT solutions to ensure end-to-end security.

The assessment provides companies with a flexible framework that addresses the diversity of the IoT market, enabling organizations to build secure IoT devices and solutions as clarified in the GSMA IoT Security Guidelines.

The GSMA IoT Security Guidelines is a comprehensive set of practices promoting the secure end-to-end design, development and deployment of IoT solutions. Companies that typically adopt the security guidelines include IoT service providers, platform vendors and device vendors.

Benefits of GSMA IoT Security Assessment:

• It is based on a structured approach and concise security controls;
• Covers the whole ecosystem;
• Can fit into a supply chain model;
• Provides a flexible framework that addresses the diversity of the IoT market.

The GSMA, together with the mobile industry, has devised a range of valuable resources providing guidance and expertise to help companies with the challenge of securing the IoT. To enable a secure market, companies have to take responsibility and embed security at every stage of the IoT value chain.
The GSMA IoT Security Guidelines and IoT Security Assessment (GSMA IoT Security Assessment) provides a proven and robust approach to end-to-end security. Over 15 leading global mobile operators, their partners, governments and industry bodies are using the guidelines and assessment to encourage industry-wide security for a robust IoT.

Cyber Security certification:

Common Criteria / ISO 15408
The Common Criteria for Information Technology Security Evaluation (CC) is an international standard (ISO 15408) for cyber security certification. Certification according to the Common Criteria provides assurance that the implementation, specification and evaluation of an IoT product or system has been conducted in a sound and repeatable manner.

The CC standard defines seven evaluation assurance levels (EAL) which provide a sliding scale of assurance from EAL1 (lowest) to EAL7 (highest). At DEKRA, we can test and certify your products and systems in line with the CC.

eIDAS Certification
Electronic Identification, Authentication and Trust Services (eIDAS) is an EU regulation on electronic identification and trust services for electronic transactions.

At DEKRA, we offer certification services for eIDAS as a certification body according to ETSI EN 319 409, ETSI EN 319 411, ETSI EN 319 412, ETSI EN 319 421, ETSI EN 319 422 and ETSI EN 319 401.

FIPS 140-2 / ISO 19790
The Federal Information Processing Standard 140-2 is a U.S. government computer security standard used to approve cryptographic modules. DEKRA is a Cryptographic Module Testing Laboratory and handles testing according to this standard for both the Canadian and US markets.

DEKRA also offers cryptographic module testing according to the security requirements as stated in ISO 19790. This standard defines four security levels for cryptographic modules to provide for a wide spectrum of data sensitivity and a diversity of application environments.

IEC 62443
DEKRA has been recognized by the IECEE, the global certification scheme for testing, assessment and certification against the IEC 62443 series of standards. CB certificates are accepted worldwide as proof of compliance with international standards and they provide reassurance that processes and products comply with stringent security requirements or standards.

CB cyber security certification gives your stakeholders peace of mind that your products, processes and solutions comply with the strict fundamental security requirements outlined in IEC 62443.

Achilles Communication
DEKRA can provide you with Achilles Communication Certification (ACC) from GE Digital. As the industry-leading benchmark for communication robustness, Achilles Communication Certification is highly recognized, particularly in North America, for operational technologies used in critical infrastructure.

3GPP for MME devices
We offer conformance testing and functional security evaluations for MME devices and mobile network elements according to these specifications: 3GPP TR 33.916, TR 33.116, and TR 33.117.

GSMA IoT Security Assessment
DEKRA is recognized by the GSMA as a security lab offering the GSMA IoT Security Assessment as a service, providing IoT security capability to the wider ecosystem. These services can help companies without the necessary resources or expertise to complete an assessment and test their IoT solutions to ensure end-to-end security.

The assessment provides companies with a flexible framework that addresses the diversity of the IoT market, enabling organizations to build secure IoT devices and solutions as clarified in the GSMA IoT Security Guidelines.

The GSMA IoT Security Guidelines is a comprehensive set of practices promoting the secure end-to-end design, development and deployment of IoT solutions. Companies that typically adopt the security guidelines include IoT service providers, platform vendors and device vendors.

Benefits of GSMA IoT Security Assessment:

• It is based on a structured approach and concise security controls;
• Covers the whole ecosystem;
• Can fit into a supply chain model;
• Provides a flexible framework that addresses the diversity of the IoT market.

The GSMA, together with the mobile industry, has devised a range of valuable resources providing guidance and expertise to help companies with the challenge of securing the IoT. To enable a secure market, companies have to take responsibility and embed security at every stage of the IoT value chain.
The GSMA IoT Security Guidelines and IoT Security Assessment (GSMA IoT Security Assessment) provides a proven and robust approach to end-to-end security. Over 15 leading global mobile operators, their partners, governments and industry bodies are using the guidelines and assessment to encourage industry-wide security for a robust IoT.
Meet our experts