Cyber Security Certification

Accredited Cyber Security Certification Services

Third-party cyber security certification provides the accredited, independent proof our customers need to show that their products and processes comply with globally recognized security requirements and standards.

The benefits of Cyber Security Certification

  • Proof that hardware and software are secure

  • Expert product and process certification services according to international standards

  • Used to certify any IT system or device providing security functions

  • Maintain all necessary IT security certificates

About Cyber Security Certification

Our cyber security certification experts provide our customers with the peace of mind that their hardware and software products comply with globally recognized security requirements and standards. Our dedicated and experienced team of more than 40 security evaluation engineers is focused on excellence as the main trust and assurance provider through rigorous and transparent evaluation and testing processes.

The company has an extensive portfolio of services and customers, from Certification Bodies to Product Developers, Consultancy Companies and Evaluation Facilities.

DEKRA’s cyber security certification services cover:

  • GAP analysis and pre-evaluation services
  • Vulnerability assessment and penetration testing
  • Training and workshops
  • Consulting services for successful security evaluations
  • Evaluation services:
    • ISO 15408 / Common Criteria
    • FIPS 140-2 / ISO 19790 (Cryptographic Modules and algorithms)
    • LINCE – lightweight CCN methodology
    • GSMA - NESAS 3GPP evaluations
    • eIDAS regulation for Trusted Services Providers
  • Maintenance of the certificates
  • Evaluation services for IT systems or devices against a vendor-defined security target or protection profile

Common Criteria

DEKRA provides expert product certification services according to the international standards “Common Criteria”, the corresponding ISO 15408,

Common Criteria (ISO 15408) is the only mutually recognized product security standard worldwide and can be used to certify any IT system or device providing security functions. In some industries Common Criteria may be a market entry requirement or a specific security assurance requirement demanded by governmental regulations. Our team of project managers and evaluators has a combined total of more than 100 years (and counting) of experience in this field. This demonstrates DEKRA’s commitment to reliability and cybersecurity for its global customers.

FIPS 140-2

DEKRA provides expert product certification services according to the standard FIPS 140-2 and the corresponding ISO 19790. FIPS 140-2 is the de facto standard to certify cryptography implemented in hardware and software products. ISO 19790 is an equivalent standard based on FIPS 140-2.

FIPS 140-2 specifies the security requirements that will be satisfied by a cryptographic module (CM) utilized within a security system protecting sensitive information.

The certification laboratory has been working for more than 20 years in evaluations with all kinds of cryptographic modules. We have been at every side of the story, and we know how to tell it.

IEC 62443, Cyber Security for industrial plants, IIoT and IoT

IEC 62443 is a series of standards, including technical reports, to secure Industrial Automation and Control Systems (IACS). It provides a systematic and practical approach to cybersecurity for industrial systems. Every stage and aspect of industrial cybersecurity is covered, from risk assessment through operations.

The networking of industrial devices means that their safe operation increasingly depends on protection against security threats. Cyber security is therefore an important pillar of overall security and a necessary and important part of our conformity assessment procedure.

DEKRA is an accredited testing laboratory according to DIN EN ISO/IEC 17025:2005. We test security on the basis of the DIN IEC 62443 series of standards:

  • Secure Product Development Lifecycle Requirements (DIN EN 62443-4-1)
  • Technical security requirements for IACS components (DIN EN 62443-4-2)
  • System security requirements and security levels (DIN EN 62443-3-3)
  • Security program requirements for IACS service providers (DIN IEC 62443-2-4)

LINCE

LINCE is a CCN lightweight evaluation and certification standard that can be used to certify IT products with low or medium criticality. It provides a methodology with a limited evaluation scope in terms of time and effort, which makes it an attractive option for vendors wanting to get their certificate in a timely fashion.

GSMA – NESAS 3GPP

DEKRA has a robust background in the evaluation and testing of market-leading manufacturers of network equipment and infrastructure. The “Network Equipment Security Assurance Scheme (NESAS)” provides “out of the box” security assurance to operators and vendors, ensuring a common baseline security level for the industry. This covers life cycle process audits and network equipment evaluation.

eIDAS regulation

eIDAS is a European regulation for the certification of trusted services providers. DEKRA passed ISO/IEC 17065 accreditation and acts as a Certification Assessment Body (CAB), offering auditing and certification services with a dedicated team of experts in the trusted services field, such as electronic signature systems, issuance of certificates for signature, stamp and time stamp, electronic delivery, signature preservation, etc.