Cybersecurity Certification

Accredited Cyber Security Certification Services

Third-party certification provides accredited and independent proof that the product and processes comply with globally recognized security requirements and standards.

About Cyber Security Certification

Our cyber security certification experts provide our customers with the peace of mind that their hardware and software products comply with globally recognized security requirements and standards. Our dedicated and experienced team of more than 40 security evaluation engineers have a focus in excellence as the main trust and assurance provider through rigorous and transparent evaluation and testing processes.

The company has an extensive portfolio of services and customers, from Certification Bodies to Product Developers and Evaluation Facilities.

DEKRA’s cyber security certification services cover:

GAP analysis and pre-evaluation services
Vulnerability assessment and penetration testing
Training and workshops
Evaluation services:
- ISO 15408 / Common Criteria
- FIPS 140-3 / ISO 19790 (Cryptographic Modules and algorithms)
- LINCE – lightweight CCN methodology
- GSMA - NESAS 3GPP evaluations
- eIDAS regulation for Trusted Services Providers
- ESV certification
- ACVP certification
Maintenance of the certificates
Evaluation services for IT system or devices against a vendor defined security target or protection profile

DEKRA provides expert product certification services according to the international standards “Common Criteria”, the corresponding ISO 15408.

Common Criteria (ISO 15408) is the only globally mutually recognized product security standard worldwide and can be used to certify any IT system or device providing security functions. In some industries Common Criteria may be a market entry requirement or a specific security assurance requirement demanded by governmental regulations. Our team of project managers and evaluators sums up more than 100 years (and counting) of experience in such field. It demonstrates DEKRA’s commitment to global customers on reliability and cybersecurity.

DEKRA provides expert product certification services according to the standards FIPS 140-3 the corresponding ISO 19790. FIPS 140-3 is the de-facto standard to certify cryptography implemented in hardware and software products. ISO 19790 is an equivalent standard based on FIPS 140-3. DEKRA lab code is 200856-0.

Specifies the security requirements that will be satisfied by a CM utilized within a security system protecting sensitive information. The certification laboratory has been working for more than 20 years in evaluations with all kind of cryptographic modules. We have been at every side of the story, and we know how to tell it.

IEC-62443 is a series of standards including technical reports to secure Industrial Automation and Control Systems (IACS). It provides a systematic and practical approach to cybersecurity for industrial systems. Every stage and aspect of industrial cybersecurity is covered, from risk assessment through operations.

The networking of industrial devices means that their safe operation increasingly depends on protection against security threats. Therefore, cyber security is an important pillar of the overall security and therefore a necessary and important part of our conformity assessment procedure.

DEKRA is an accredited testing laboratory according to DIN EN ISO/IEC 17025:2005, we test security on the basis of the DIN IEC 62443 series of standards:

Secure Product Development Lifecycle Requirements (DIN EN 62443-4-1)
Technical security requirements for IACS components (DIN EN 62443-4-2)
System security requirements and security levels (DIN EN 62443-3-3)
Security program requirements for IACS service providers (DIN IEC 62443-2-4)

LINCE is a CCN lightweight evaluation and certification standard that can be used to certify IT products with low or medium criticality. It provides proper methodology including a limited scope for evaluations in terms of timing and effort, which makes it an attractive option for vendors wanting to get their certificate in a timely fashion.

DEKRA has a robust background in the evaluation and testing of market leading manufacturers of networks equipment and infrastructure. “Network Equipment Security Assurance Scheme (NESAS)” provides “out of the box” security assurance to operators and vendors, ensuring a common baseline security level for the industry. Life cycle processes audit & Network equipment evaluation.

eIDAS is an European regulation for the certification of trusted services providers. DEKRA passed ISO/IEC 17065 accreditation and acts as Certification Assessment Body (CAB) for offering auditing and certification services with a dedicated team of experts in the trusted services field, such as Electronic signature systems, Issuance of certificates for signature, stamp, time stamp, Electronic delivery, Signature preservation, etc.

Common Criteria ISO/IEC 15408

Common Criteria (CC) is a Certification Framework to evaluate and certify cybersecurity requirements in IT products Common Criteria

Common Criteria

FIPS 140-3 Certification

Federal Information Processing Standard or FIPS 140-3 Certification is the standard for validating the effectiveness of cryptographic modules.

FIPS 140-3

ISO/IEC 19790 Certification Scheme

ISO/IEC 19790: DEKRA's private certification scheme provides a framework for certifying cryptographic modules, offering transparency to users and stakeholders.

ISO/IEC 19790

Mobile Application Security Assessment

MASA is an industry led collaboration to improve application security through third party security assessments based on industry standards.

MASA