One Audit, Multiple Certifications: Harmonizing Security Standards
Mafalda Cortez, Cyber Security & Data Protection (Keysight)

Agenda
- Introduction
- Understanding OCP SAFE
- Security certification landscape
- Comparing OCP SAFE with other certifications
- Strategies for certification efficiency
- Practical takeaways & recommendations
- Closing remarks & Q&A

Introduction: Why security audits matter for data center devices
- Security threats and incidents in cloud environments are increasing.
- Security assurance is key to user trust, especially with a complex supply chain and live software and firmware updates.
- Standardized security frameworks are needed to ease compliance and mitigate risk.

Understanding OCP SAFE
What is OCP SAFE?
- SAFE = Security Appraisal Framework and Enablement.
- An initiative under the Open Compute Project (OCP).
- Designed to harmonize security expectations across cloud service providers.

Goals of OCP SAFE
- Standardization: define security requirements applicable across multiple cloud platforms.
- Unified review process: enable a single security evaluation that is accepted by different providers.
- Lifecycle security management: maintain security compliance over the device's lifespan.

Benefits of OCP SAFE
- For cloud service providers: consistency in device security assurance.
- For device manufacturers: reduced complexity in meeting diverse cloud provider requirements.
- For the industry: a shared security baseline.

Security Certification Landscape: Overview of Key Certifications
FIPS 140 (Federal Information Processing Standard)
- Focus: cryptographic module security compliance.
- Required by US federal agencies and some regulated industries.
- Industry adoption & relevance: widely mandated in regulated industries.

SESIP (Security Evaluation Standard for IoT Platforms)
- Focus: flexible, scalable IoT security certification.
- Based on the Common Criteria methodology, adapted (made lean) for IoT.
- Industry adoption & relevance: gaining traction in IoT security evaluations.

ARM PSA (Platform Security Architecture)
- Focus: secure design and certification for the Root of Trust (RoT) and its components.
- Security guidelines and evaluations for chip manufacturers and device makers.
- Industry adoption & relevance: critical for embedded and mobile security.

Comparing OCP SAFE with other certifications
Areas of overlap: common security requirements
- Cryptographic requirements (FIPS 140, ARM PSA, SESIP, SAFE).
- Firmware and software integrity checks (SAFE, SESIP, PSA).
- Secure boot and root of trust mechanisms (SAFE, SESIP, PSA).
- Device lifecycle security (SAFE, SESIP).

Key differences: scope, depth & attack vectors

Certification | Scope                 | Depth (attack vectors covered)
OCP SAFE      | Data center devices   | Supply chain security, firmware validation, cryptographic functions
FIPS 140      | Cryptographic modules | Cryptographic validation, key management, tamper resistance
SESIP         | IoT security          | Scalable security levels, lifecycle security, software integrity
ARM PSA       | Embedded systems      | Root of Trust, firmware security, threat modeling

Certification complexity: mapping SAFE to other frameworks
- SAFE acts as an overarching security standard for cloud firmware and software.
- There is potential for mapping SESIP and PSA compliance into SAFE requirements.
- FIPS 140 remains separate due to its strict cryptographic focus.

Strategies for certification efficiency: how manufacturers can streamline multiple certifications
- Modular security approach: certify components separately and reuse them across certifications.
- Potential for cross-certification & reuse:
  - Use SESIP as a foundation for meeting SAFE requirements.
  - Map PSA RoT components into SAFE evaluations.
  - Reduce redundant testing effort between FIPS 140 and SAFE cryptographic requirements.
- Reducing audit redundancy & cost:
  - Pre-certification alignment to meet multiple standards in one audit cycle.
  - Collaboration with cloud service providers to recognize existing certifications.
  - Leveraging industry initiatives for certification harmonization.

Practical Takeaways & Recommendations
Key insights for device & IP manufacturers
- Plan for multi-certification from the start: design security implementations with OCP SAFE, SESIP, and PSA requirements in mind.
- Leverage existing certifications: if SESIP or PSA is already achieved, identify overlaps with SAFE to reduce work.
- Use certification equivalence where possible: advocate for recognition of similar security standards across industry players.

Steps to align with OCP SAFE & other certifications
a) Perform a gap analysis between existing security certifications and SAFE.
b) Engage with certification bodies to identify opportunities for certification reuse.
c) Implement modular security to allow incremental certification compliance.
d) Monitor evolving security requirements to maintain compliance over product lifecycles.

Future of unified security certifications
- Increased alignment between major security certification frameworks.
- Growing industry adoption of OCP SAFE as a standard for cloud security.
- Potential for global recognition of cross-certified devices.

Closing Remarks
Key takeaways
- OCP SAFE enhances security at the hardware and firmware levels.
- It aligns with Zero Trust principles and supports compliance.
- Wide industry adoption is improving security standards globally.

Next steps to achieve certification bundling
- Explore OCP SAFE documentation and resources: https://www.opencompute.org/projects/ocp-safe-program
- Connect with experts for consultation.
- Join OCP community forums for discussions and updates.

Visit us at: Keysight OCP SAFE; Keysight Riscure

Call to Action: Take the Next Step Towards Certification Harmony
Take the first step
- Perform a gap analysis against existing certifications.
- Engage with certification bodies for reuse opportunities.
- Align your roadmap with OCP SAFE requirements.
Join the movement
- Collaborate with other manufacturers and cloud providers to harmonize certifications.

Thank you!
19、Join OCP community forums for discussions and updates.Closing Remarks12 Visit us at:Keysight OCP SAFEKeysight Riscure13 Take the First Step Perform a gap analysis against existing certifications Engage with certification bodies for reuse opportunities Align your roadmap with OCP SAFE requirements Join the Movement Collaborate with other manufacturers and cloud providers to harmonize certificationsCall to Action Take the Next Step Towards Certification Harmony14Thank You!