OVERVIEW OF ETSI 303 645
ETSI EN 303 645, released in 2019, involved all stakeholders of the consumer IoT cybersecurity landscape and was developed with industry, academics, testing institutes and international government bodies. This standard has become a reference for securing IoT devices all over the world and is already used by several cybersecurity regulations for devices like fitness watches, home automation devices, smart hubs, robot vacuum cleaners, dishwashers and more devices used on a daily basis.
HOW TO CARRY OUT AN EVALUATION UNDER ETSI EN 303 645
The standard ETSI EN 303 645 is evaluated following the guidelines of ETSI TS 103 701, which describes how a conformity assessment is performed in a structured and comprehensive way. This will allow supplier organizations such as manufacturers, vendors or distributers to assess the compliance of their devices against ETSI EN 303 645. The technical specification that offers ETSI TS 103 701 helps to harmonize evaluation methodologies and support manufacturers, suppliers and implementers for their internal security processes.
ETSI EN 303 645 EVALUATION PROCESS
The ETSI EN 303 645 evaluation is a process that involves three main stakeholders:
- Supplier Organization (SO): Is basically the client, i.e. the company that requires the services.
- Consulting firm (CF): The company in charge of preparing all the documentation (could be done by the client himself, but this is not recommended due to the complexity of the standard). This is the hardest part in the process, because is when the SO Statement must be drafted. The SO Statement is a document that includes the identification of the DUT (Device Under Test), the creation of the Implementation Conformance Statement (ICS) and the Implementation Extra Information for Testing (IXIT), find more information in our ETSI EN 303 645 consulting web.
- Testing laboratory (TL): An independent entity that carries out the conformance assessment of a DUT. jtsec is an accredited laboratory by ETSI to perform evaluations based on ETSI TS 103 701, the assessment specification developed by ETSI that specifies conformance tests and methodology for assessing devices against EN 303 645. Once the SO Statement has been drafted, the evaluation can be started. The assessment can be scoped to cover the mandatory requirements in EN 303 635, or to also cover the additional recommendations in the standard. The evaluation could be done by the manufacturer himself, but it is more reliable if it is performed by a third party.
At the conclusion of the evaluation, an assessment report will be issued which will include a verdict (pass, fail or inconclusive) for each of the provisions that apply to the device.
The steps to be followed in the evaluation process are as listed below.
10 REASONS FOR CHOOSING JTSEC
- We assure you a fixed price from the beginning, avoid surprises!
- Time to market, a support engineer is always available for projects, ensuring we meet deadlines and expectations.
- Members of SCCG (Stakeholder Cybersecurity Certification Group).
- ETSI accredited laboratory.
- Customized approach adapted to your needs.
- More than 15 years of experience in cybersecurity evaluation and consultancy.
- Continuous in-house training to be always up to date with regulations.
- ECSO members in the Working Group "Standardization, Certification and Supply Chain Management".
- We collaborate in different standardization projects, being ISO members, editor at JTC13 WG3 in different standardization projects.
- Accredited lab for Common Criteria, IEC 62443 4-1, IEC 62443 4-2 & LINCE.
WHAT DO WE OFFER?
1. EVALUATION, ACCREDITED LAB
As an accredited laboratory, we carry out ETSI EN 303 645 security evaluation of your product, following the technical specification ETSI TS 103 701. In addition, we perform the necessary tests both functional and conceptual.
2. TURNKEY APPROACH
We offer a turnkey approach, an accurate process bearing in mind that every client and every product are unique. We adapt to your needs by creating a unique working framework, attending to the specific needs of your project.