Cyber Security Testing & Certification

The Common Criteria for Information Technology Security Evaluation (CC) is an international standard (ISO 15408) for cyber security certification. Certification according to the Common Criteria provides assurance that the implementation, specification and evaluation of an IoT product or system has been conducted in a sound and repeatable manner.

The CC standard defines seven evaluation assurance levels (EAL) which provide a sliding scale of assurance from EAL1 (lowest) to EAL7 (highest). At DEKRA, we can test and evaluate your products and systems in line with the CC.

Electronic Identification, Authentication and Trust Services (eIDAS) is an EU regulation on electronic identification and trust services for electronic transactions.

DEKRA, as an eIDAS Regulation (EU) 910/2014 Conformity Assessment Body assessing Trust Service Providers in compliance with ISO/IEC 17065 and ETSI EN 319 403, provides evaluation and compliance certification services, issuing both eIDAS Conformity Certificates and Conformity Assessment Reports.

Find more information about the certification process. 

If you are interested in certifying your TSP services, please submit the next  application form. 

DEKRA maintains a list of valid issued certificates. This list includes a link to a downloadable Conformity Certificates, which provides the identification of the scope of certification and the identification of the relevant trust service policy (or policies) and/or trust service(s) where applicable.

Sistemas Informáticos Abiertos, S.A. Avenida de Europa, 2, Alcor Plaza Edificio B, Parque Oeste Alcorcón 28922 Alcorcón - Madrid (España)
Audited services	Certificate dated
Servicio de expedición de certificados electrónicos cualificados de firma electrónica  Qualified certificate for electronic signature	May 19th, 2022
Servicio de expedición de certificados electrónicos cualificados de sello electrónico  Qualified certificate for electronic seal	May 19th, 2022
Servicio de expedición de sellos electrónicos cualificados de tiempo  Qualified time stamp	May 19th, 2022
Servicio cualificado de entrega electrónica certificada  Qualified electronic registered delivery service	May 19th, 2022
Servicio de expedición de certificados electrónicos cualificados de autenticación de sitio web  Qualified certificate for website authentication	May 19th, 2022
Servicio de expedición de certificados electrónicos cualificados de autenticación de sitios web variante PSD2  Qualified certificate for website authentication, PSD2 variant	May 19th, 2022
Audit Attestation letter	September 17th, 2021

The Federal Information Processing Standard 140-3 is a U.S. government computer security standard used to approve cryptographic modules. DEKRA is a Cryptographic Module Testing Laboratory and handles testing according to this standard for both the Canadian and US markets. DEKRA lab code is 200856-0.

DEKRA also offers cryptographic module testing according to the security requirements as stated in ISO 19790. This standard defines four security levels for cryptographic modules to provide for a wide spectrum of data sensitivity and a diversity of application environments.

DEKRA has been recognized by the IECEE, the global certification scheme for testing, assessment and certification against the IEC 62443 series of standards. CB certificates are accepted worldwide as proof of compliance with international standards and they provide reassurance that processes and products comply with stringent security requirements or standards.

CB cyber security certification gives your stakeholders peace of mind that your products, processes and solutions comply with the strict fundamental security requirements outlined in IEC 62443.

DEKRA can provide you with Achilles Communication Certification (ACC) from GE Digital. As the industry-leading benchmark for communication robustness, Achilles Communication Certification is highly recognized, particularly in North America, for operational technologies used in critical infrastructure.

We offer conformance testing and functional security evaluations for MME devices and mobile network elements according to these specifications: 3GPP TR 33.916, TR 33.116, and TR 33.117.

DEKRA is recognized by the GSMA as a security lab offering the GSMA IoT Security Assessment as a service, providing IoT security capability to the wider ecosystem. These services can help companies without the necessary resources or expertise to complete an assessment and test their IoT solutions to ensure end-to-end security.

The assessment provides companies with a flexible framework that addresses the diversity of the IoT market, enabling organizations to build secure IoT devices and solutions as clarified in the GSMA IoT Security Guidelines.

The GSMA IoT Security Guidelines is a comprehensive set of practices promoting the secure end-to-end design, development and deployment of IoT solutions. Companies that typically adopt the security guidelines include IoT service providers, platform vendors and device vendors.

Benefits of GSMA IoT Security Assessment:

• It is based on a structured approach and concise security controls;
• Covers the whole ecosystem;
• Can fit into a supply chain model;
• Provides a flexible framework that addresses the diversity of the IoT market.

The GSMA, together with the mobile industry, has devised a range of valuable resources providing guidance and expertise to help companies with the challenge of securing the IoT. To enable a secure market, companies have to take responsibility and embed security at every stage of the IoT value chain.
The GSMA IoT Security Guidelines and IoT Security Assessment (GSMA IoT Security Assessment) provides a proven and robust approach to end-to-end security. Over 15 leading global mobile operators, their partners, governments and industry bodies are using the guidelines and assessment to encourage industry-wide security for a robust IoT.