iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
CEN

EN 17927:2023

(Main)

Security Evaluation Standard for IoT Platforms (SESIP). An effective methodology for applying cybersecurity assessment and re-use for connected products.

Security Evaluation Standard for IoT Platforms (SESIP). An effective methodology for applying cybersecurity assessment and re-use for connected products.

This document describes a cybersecurity evaluation methodology, named SESIP, for components of connected ICT products. Security claims in SESIP are made based on the security services offered by those components. Components can be in hardware and software. SESIP aims to support comparability between and reuse of independent security evaluations. SESIP provides a common set of requirements for the security functionality of components which apply to the foundational components of devices that are not application specific. The methodology describes the re-use of evaluation results.

Sicherheitsbewertungsstandard für IoT Plattformen (SESIP) - Ein effektives Verfahren zur Anwendung der Cybersicherheitsbewertung und Wiederverwendung für vernetzte Produkte

Dieses Dokument legt ein Verfahren zur Evaluierung der Cybersicherheit namens SESIP für Plattformen und Plattformteile von vernetzten IoT Produkten fest. Sicherheitsansprüche in SESIP werden auf der Grundlage der von diesen Plattformen angebotenen Sicherheitsdienste gestellt. Plattformteile können aus Hardware und Software bestehen. SESIP zielt darauf ab, die Vergleichbarkeit zwischen unabhängigen Sicherheits-evaluierungen und deren Wiederverwendung zu unterstützen. SESIP bietet eine Reihe gemeinsamer Anforderungen für die Sicherheitsfunktionalität von Plattformteilen, die auf die grundlegenden Plattformen von nicht anwendungsspezifischen Geräten Anwendung finden. Dieses Verfahren legt die Wiederverwendung von Evaluierungsergebnissen fest.

Norme d'évaluation de la sécurité pour les plates-formes IoT (SESIP) - Une méthodologie efficace pour appliquer et réutiliser des évaluations de la cybersécurité de produits connectés

Le présent document décrit une méthodologie d'évaluation de la cybersécurité, appelée SESIP, pour les plates-formes et les parties de plate-forme des produits connectés IoT. Les déclarations de sécurité de la SESIP sont fondées sur les services de sécurité offerts par ces plates-formes. Les parties de plate-forme peuvent être matérielles ou logicielles. La SESIP vise à favoriser la comparabilité et la réutilisation des évaluations de sécurité indépendantes. La SESIP fournit un ensemble commun d'exigences relatives à la fonctionnalité de sécurité des parties de plate-forme qui s'appliquent aux plates-formes de base des dispositifs qui ne sont pas spécifiques à une application. La méthodologie décrit la réutilisation des résultats d'évaluation.

Standard ocenjevanja varnosti za platforme IoT (SESIP) - Učinkovita metodologija za uporabo ocene kibernetske varnosti in ponovno uporabo za povezane izdelke

General Information

Status
Published
Publication Date
07-Nov-2023
ICS
35.030 - IT Security
35.240.95 - Internet applications
Technical Committee
CEN/CLC/TC 13 - Cybersecurity and Data Protection
Drafting Committee
CEN/CLC/JTC 13/WG 3 - Security evaluation and assessment
Current Stage
6060 - Definitive text made available (DAV) - Publishing
Start Date
08-Nov-2023
Due Date
22-Aug-2023
Completion Date
08-Nov-2023
Directive
2014/53/EU - Directive 2014/53/EU of The European Parliament and of the Council of 16 April 2014 on the harmonisation of the laws of the Member States relating to the making available on the market of radio equipment and repealing Directive 1999/5/EC
2019/881 - Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) (Text with EEA relevance)
Ref Project
SIST EN 17927:2024 - Security Evaluation Standard for IoT Platforms (SESIP) - An effective methodology for applying cybersecurity assessment and re-use for connected products

Buy Standard

EN 17927:2024EN 17927:2024
PreviousNext
Standard
EN 17927:2024
English language
101 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)

SLOVENSKI STANDARD
SIST EN 17927:2024
01-april-2024
Standard ocenjevanja varnosti za platforme IoT (SESIP) - Učinkovita metodologija
za uporabo ocene kibernetske varnosti in ponovno uporabo za povezane izdelke
Security Evaluation Standard for IoT Platforms (SESIP) - An effective methodology for
applying cybersecurity assessment and re-use for connected products
Sicherheitsbewertungsstandard für IoT-Plattformen - Eine effektive Methode zur
Anwendung der Cybersicherheitsbewertung und Wiederverwendung für vernetzte
Produkte
Norme d'évaluation de la sécurité pour les plates-formes IoT (SESIP) - Une
méthodologie efficace pour appliquer l'évaluation de la cybersécurité et la réutilisation
des produits connectés
Ta slovenski standard je istoveten z: EN 17927:2023
ICS:
35.030 Informacijska varnost IT Security
35.240.95 Spletne uporabniške rešitve Internet applications
SIST EN 17927:2024 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST EN 17927:2024

---------------------- Page: 2 ----------------------
SIST EN 17927:2024


EUROPEAN STANDARD EN 17927

NORME EUROPÉENNE

EUROPÄISCHE NORM
November 2023
ICS 35.030; 35.240.95

English version

Security Evaluation Standard for IoT Platforms (SESIP).
An effective methodology for applying cybersecurity
assessment and re-use for connected products.
Norme d'évaluation de la sécurité pour les plates- Sicherheitsbewertungsstandard für IoT-Plattformen -
formes IoT (SESIP) - Une méthodologie efficace pour Eine effektive Methode zur Anwendung der
appliquer et réutiliser des évaluations de la Cybersicherheitsbewertung und Wiederverwendung
cybersécurité de produits connectés für vernetzte Produkte
This European Standard was approved by CEN on 13 April 2023.

CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for
giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical
references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to
any CEN and CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC
Management Centre has the same status as the official versions.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and United Kingdom.



















CEN-CENELEC Management Centre:
Rue de la Science 23, B-1040 Brussels
© 2023 CEN/CENELEC All rights of exploitation in any form and by any means
Ref. No. EN 17927:2023 E
reserved worldwide for CEN national Members and for
CENELEC Members.

---------------------- Page: 3 ----------------------
SIST EN 17927:2024
EN 17927:2023(E)
Contents Page
European foreword . 3
Introduction . 4
1 Scope . 5
2 Normative references . 5
3 Terms, definitions, symbols and abbreviated terms . 5
4 Overview . 6
5 Security Functional Requirements (SFRs) . 19
6 Security Process Packages (SPPs) . 38
7 Security Assurance Requirements (SARs) . 40
8 SESIP Assurance Levels . 53
Annex A (informative) SESIP evaluation case example .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

CEN
EN ISO 16739-1:2024(Main)
Industry Foundation Classes (IFC) for data sharing in the construction and facility management industries - Part 1: Data schema (ISO 16739-1:2024)
kSIST FprEN ISO 16739-1:2024

This document represents an open international standard for information used in Building Information Modeling (BIM) that is exchanged and shared among software applications used by the various participants in the construction or facility management industry sector. This document includes definitions that cover information required for buildings and infrastructure works over their life cycle. This edition of the document added coverage of information required for infrastructure facilities including bridges, roads, railways, waterways and port facilities.
This document comprises the publication of a data schema, its documentation, the property and quantity set definitions and the mechanism of an exchange file format structure.
Definitions from this document are used to support different recognized work flows in the construction and facility management industry sector, representing information deliveries. Such information deliveries can be described according to ISO 29481.
Different implementation levels of this document can be defined to better support multiple information deliveries, they are referred to as a Model View Definition (MVD). Each MVD identifies which subset of the definitions of this document imposes requirements for implementation in software applications. Conforming software applications need to identify the model view definition they conform to when applying for software certification.
The following are within the scope of this edition of this document:
BIM exchange format definitions that are required during the life cycle phases of buildings and infrastructure:
demonstrating the need;
conception of need;
outline feasibility;
substantive feasibility study and outline financial authority;
outline conceptual design;
full conceptual design;
coordinated design;
procurement and full financial authority;
production information;
construction;
operation and maintenance.
BIM exchange format definitions that are required by the various disciplines involved within the life cycle phases:
architecture and civil engineering design;
service and utilities engineering;
structural engineering;
procurement;
construction planning;
facility and utility management;
project management;
client requirement management;
industry authorities for permits and approval.
BIM exchange format definitions including:
project structure;
physical components;
spatial components;
analysis items;
processes;
resources;
controls;
actors;
context definition.

  • Draft
    406 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 17294-1:2024(Main)
Water quality - Application of inductively coupled plasma mass spectrometry (ICP-MS) - Part 1: General requirements (ISO 17294-1:2024)
kSIST FprEN ISO 17294-1:2023

This document specifies the principles of inductively coupled plasma mass spectrometry (ICP-MS) and provides general requirements for the use of this technique to determine elements in water, digests of sludges and sediments (e.g. digests of water as described in ISO 15587-1 or ISO 15587-2). Generally, the measurement is carried out in water, but gases, vapours or fine particulate matter can be introduced too. This document applies to the use of ICP-MS for aqueous solution analysis.
The ultimate determination of the elements is described in a separate International Standard for each series of elements and matrix. The individual clauses of this document refer the user to these guidelines for the basic principles of the method and the configuration of the instrument.

  • Draft
    43 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 22435:2024(Main)
Gas cylinders - Cylinder valves with integrated pressure regulators - Specification and type testing (ISO 22435:2024)
kSIST FprEN ISO 22435:2024

This document specifies design, type test methods, marking and instruction requirements for cylinder valves with integrated pressure regulators (VIPRs) intended to be fitted to gas cylinders, pressure drums or tubes or used as a main valve for bundles of cylinders that convey compressed, liquefied or dissolved gases.
These are requirements for VIPRs that are in addition to those given in the relevant closure standard, for example, in ISO 10297 for cylinder valves, in ISO 17871 for quick-release cylinder valves, in ISO 17879 for self-closing cylinder valves or in ISO 23826 for ball valves. For ISO 17871, these requirements are only applicable to quick-release cylinder valves types B, C, D and E.
NOTE 1        If the pressure regulating system of a VIPR is acting as the primary valve operating mechanism, it is covered by the relevant closure standard, e.g. ISO 10297, ISO 17871, ISO 17879 and ISO 23826. This also includes designs where closure of the primary valve operating mechanism of a VIPR is obtained by closing the seat of the pressure regulating system.
NOTE 2        If the primary valve operating mechanism of a VIPR is located at the low-pressure side of the pressure regulating system, it is covered by the relevant closure standard, e.g. ISO 10297, ISO 17871, ISO 17879 and ISO 23826.
NOTE 3        The term “pressure receptacle” is used within this document to cover instances where no differentiation is necessary between gas cylinders, bundles of cylinders, pressure drums and tubes.
This document does not apply to VIPRs for
a)       medical applications (see ISO 10524-3);
b)       liquefied petroleum gas (LPG);
c)        cryogenic applications.
NOTE 4        Additional requirements for a VIPR with a residual pressure device (RPD) are specified in ISO 15996.
NOTE 5        Additional requirements for pressure relief valves can exist in international/regional regulations/ standards.

  • Draft
    39 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 683-2:2024(Main)
Aluminium and aluminium alloys - Finstock - Part 2: Mechanical properties
kSIST FprEN 683-2:2024

This document specifies the mechanical properties of wrought aluminium and wrought aluminium alloy finstock.
The chemical composition limits of these materials are specified in EN 573 3, unless otherwise agreed between supplier and purchaser.
The designations of wrought aluminium and wrought aluminium alloys and the temper designations used in this document are specified in EN 573 3, and the temper designations are defined in EN 515.

  • Draft
    12 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 81060-2:2019/A2:2024(Amendment)
Non-invasive sphygmomanometers - Part 2: Clinical investigation of intermittent automated measurement type - Amendment 2 (ISO 81060-2:2018/Amd 2:2024)
SIST EN ISO 81060-2:2020/A2:2024
  • Draft
    7 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 16783:2024(Main)
Thermal insulation products - Environmental Product Declarations (EPD) - Product Category Rules (PCR) complementary to EN 15804 for factory made and in-situ formed products
kSIST FprEN 16783:2024

This document provides the product category rules (PCR) for Type III environmental declarations (as in EN 15804:2012+A2:20191) for factory made and in situ thermal insulation products.
Complementary to EN 15804:2012+A2:20191, the PCR described in this document:
-   specify the declared unit to be used;
-   define the system boundaries for thermal insulation products;
-   specify/describe the default scenarios and rules for defining scenarios for certain life cycle information modules.
These PCR are intended to be used for cradle to gate, cradle to gate with options or cradle to grave assessment, provided the intention is properly stated in the system boundary description.

  • Draft
    18 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 16021:2024(Main)
Absorbent incontinence products for urine and/or faeces - Basic principles for evaluation of single-use adult products from the perspective of users and caregivers (ISO 16021:2024)
SIST EN ISO 16021:2024

This document provides guidelines and requirements for designing and conducting an evaluation of single-use adult incontinence absorbing products. It provides guidelines and requirements on creating data collection tools. In particular, it provides a framework for eliciting and recording the views of users and their carers on the acceptability of products. In addition, a product diary is described which can help to quantify some parameters of product use, such as wear times, the mass of urine absorbed by the product and the severity of any leakage from it.
This document does not cover direct comparison between products based on statistical parameters, neither does it provide guidelines on measuring the clinical efficacy of products; that is available in ISO 14155.

  • Draft
    15 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 2620:2024(Main)
Analysis of natural gas - Biomethane - Determination of VOCs by thermal desorption gas chromatography with flame ionization and/or mass spectrometry detectors (ISO 2620:2024)
kSIST FprEN ISO 2620:2024

This document describes a method for sampling and analysis of volatile organic compounds (VOCs), including siloxanes, terpenes, organic sulfur compounds, in natural gas and biomethane matrices, using thermal desorption gas chromatography with flame ionization and/or mass spectrometry detectors (TD-GC-FID/MS).

  • Draft
    13 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 7029:2017/A1:2024(Amendment)
Acoustics - Statistical distribution of hearing thresholds related to age and gender - Amendment 1: Correction of parameter values for estimating the hearing threshold distribution (ISO 7029:2017/Amd 1:2024)
SIST EN ISO 7029:2017/oprA1:2023
  • Draft
    6 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 18134-2:2024(Main)
Solid biofuels - Determination of moisture content - Part 2: Simplified method (ISO 18134‑2:2024)
kSIST FprEN ISO 18134-2:2024

This document specifies a method of determining the moisture content of a test sample of solid biofuels by drying in an oven and is used when the highest precision is not needed, e.g. for routine production control on site. The method described in this document is applicable to all solid biofuels. The moisture content of solid biofuels (as received) is always reported based on the total mass of the test sample (wet basis).
NOTE            Biomass materials can contain small amounts of volatile organic compounds (VOC) which can evaporate when determining moisture content by oven drying (see References [1] and [2]). The release of such compounds is quite small relative to the overall moisture content as determined by this method and is disregarded in this document.

  • Draft
    9 pages
    English language
    sale 10% off
    e-Library read for
    1 day