Cybersecurity Certification

DEKRA provides expert product certification services according to the international standards “Common Criteria”, the corresponding ISO 15408.

Common Criteria (ISO 15408) is the only globally mutually recognized product security standard worldwide and can be used to certify any IT system or device providing security functions. In some industries Common Criteria may be a market entry requirement or a specific security assurance requirement demanded by governmental regulations. Our team of project managers and evaluators sums up more than 100 years (and counting) of experience in such field. It demonstrates DEKRA’s commitment to global customers on reliability and cybersecurity.

DEKRA provides expert product certification services according to the standards FIPS 140-3 the corresponding ISO 19790. FIPS 140-3 is the de-facto standard to certify cryptography implemented in hardware and software products. ISO 19790 is an equivalent standard based on FIPS 140-3. DEKRA lab code is 200856-0.

Specifies the security requirements that will be satisfied by a CM utilized within a security system protecting sensitive information. The certification laboratory has been working for more than 20 years in evaluations with all kind of cryptographic modules. We have been at every side of the story, and we know how to tell it.

IEC-62443 is a series of standards including technical reports to secure Industrial Automation and Control Systems (IACS). It provides a systematic and practical approach to cybersecurity for industrial systems. Every stage and aspect of industrial cybersecurity is covered, from risk assessment through operations.

The networking of industrial devices means that their safe operation increasingly depends on protection against security threats. Therefore, cyber security is an important pillar of the overall security and therefore a necessary and important part of our conformity assessment procedure.

DEKRA is an accredited testing laboratory according to DIN EN ISO/IEC 17025:2005, we test security on the basis of the DIN IEC 62443 series of standards:

• Secure Product Development Lifecycle Requirements (DIN EN 62443-4-1)
• Technical security requirements for IACS components (DIN EN 62443-4-2)
• System security requirements and security levels (DIN EN 62443-3-3)
• Security program requirements for IACS service providers (DIN IEC 62443-2-4)

LINCE is a CCN lightweight evaluation and certification standard that can be used to certify IT products with low or medium criticality. It provides proper methodology including a limited scope for evaluations in terms of timing and effort, which makes it an attractive option for vendors wanting to get their certificate in a timely fashion.

DEKRA has a robust background in the evaluation and testing of market leading manufacturers of networks equipment and infrastructure. “Network Equipment Security Assurance Scheme (NESAS)” provides “out of the box” security assurance to operators and vendors, ensuring a common baseline security level for the industry. Life cycle processes audit & Network equipment evaluation.

eIDAS is an European regulation for the certification of trusted services providers. DEKRA passed ISO/IEC 17065 accreditation and acts as Certification Assessment Body (CAB) for offering auditing and certification services with a dedicated team of experts in the trusted services field, such as Electronic signature systems, Issuance of certificates for signature, stamp, time stamp, Electronic delivery, Signature preservation, etc.