Product Security Certifications – Who, What, Where, and Why

Abstract

A nation-state attack on the SolarWinds network management system in December 2020 compromised the supply chains of over 18,000 organizations, including the Pentagon and the Department of Homeland Security. As these supply chain security attacks continue, there is an increased focus on securing the supply chain. Organizations are seeking to understand their risk exposures from third parties and from the products they acquire and use. For products, security certifications can be useful to demonstrate security functionality as well as to assure security efficacy. Specific certifications may be required for certain market sectors, for certain types of data, or for certain implementations of security functionality. Such certifications can be a determining factor as to whether a product is purchased or can be used. This session provides an overview of the more common product security certifications. Insights into the processes, schemes, and criteria will be offered. The role that engineering and implementation activities can play in product security certification will be explored. Lastly, the session will provide information on the state of the relevant standards and practices.

Eric Hibbard
Samsung Semiconductor, Inc.