In a time of increasing cyber threats, evaluations and certification show customers that a company takes the risks involved in data privacy seriously and works to minimize them – in other words, verified security.
Evaluations in lab tests determine whether an IT product or system provides suitable security measures and accurately and effectively complies with the user’s individual security requirements. If so, the product or system can be certified based on test results. For many applications, their release or design approval depends on a successful security evaluation. Verification of the reliability of security aspects is generally outsourced to an independent, qualified service provider like T-Systems’ licensed test facility.
Verified security for any situation
T-Systems conducts its evaluations based on internationally recognized standards like ITSEC or Common Criteria for Information Technology Security Evaluation – abbreviated as Common Criteria (CC). This common, globally recognized standard for verified security defines the criteria that make up the security of computer systems. These were included in the ISO/IEC 15408 international standards. The German Federal Office for Information Security (BSI) has recognized T-Systems for CC evaluations up to EAL7 with no technological limitations.
Industry-specific verification by T-Systems is also accepted worldwide by different standards and organizations. In the financial sector, for example, verified security is one of the criteria for payment components and networks
of the Deutsche Kreditwirtschaft German banking association, EMVCo, MasterCard, Visa and PCI (Payment Card Industry),
the Irdeto’s Secure Chip Security Robustness Evaluation Specification and Viaccess-Orca standards as well as Nagra’s NOCS3.0 program in the pay-TV sector and
EuroPrise in the data privacy sector (recognized in the EU).
Security integrated circuits including crypto libraries, firmware and operating systems (e.g., smart cards, system-on-chip (SoC), embedded controllers)
Hardware security modules (HSM; e.g., for PKI or banking, random number generators)
Embedded systems and terminals (e.g., smart phones/tablets, M2M (machine-to-machine) devices, payment terminals, digital tachographs, automotive, avionic and satellite embedded security hardware und software, set top boxes, eHealth connectors)
Applications (e.g., obfuscated software, hard disk encryption software, digital signature, middleware for eGovernment electronic transactions)
AIS20 and AIS31 random number generator evaluation methodology (co-author)
AIS34 evaluation methodology for CC Assurance Classes for EAL5+ und EAL6 (major contribution, editor)
AIS14 Guidelines for Evaluation Reports (co-author)
Elliptic Curve Cryptography security evaluation guide (part of BSI scheme)
Independent and objective evaluations = verified security
T-Systems has been active as a licensed testing site since 1991. What counts here is being independent and objective. Combined with technical and methodological expertise, these form the basis for becoming a recognized testing site. T-Systems has its own lab with the latest advanced equipment for evaluating hardware and software.
The list of customers includes international manufacturers of security products. Our T-Systems consultants help plan and conduct the verified security evaluation process. They point out weak areas to the customer and bring them up-to-date on the latest attack methods and scenarios. This lays down the foundation for creating sustainable security measures and building a reputation as a leading supplier of security technology.