BSI collaborates with industry trailblazers on a standardized approach to cryptographic module security certification with ISO/IEC 19790

Singapore, 18 October 2023 – The British Standards Institution (BSI) hosted the 4th Cryptographic Module hybrid event in Singapore to facilitate discussion about a standardized approach to security certification and the benefit this could bring to organizations.

Industry trailblazers such as Huawei, DEKRA, OSR (Shanghai Technology), the Indonesian Directorate of Cybersecurity and Crypto Technology, KAYTUS and Sinocipher gathered to discuss the importance of trust in how cryptographic solutions are secured, and steps that can be taken to simplify the process, whilst reducing the time required to certify and integrate the latest technology into networks and systems.

The theme of the event was Certification Simplified, Security Amplified, Trust Delivered - Cryptographic Module Security Certification to ISO/IEC 19790 Comes to Life, with attendees considering the global need for trusted security protection across our networks and systems.

The discussion opened with a talk on the government perspective from BSSN, the Indonesian Directorate of Cybersecurity and Crypto Technology, which emphasized the need for simplification, clarity and speed within the certification process, whilst still addressing national cryptographic autonomy.

During this event, BSI celebrated the achievement of Huawei Technologies Co., Ltd., Open Security Research Inc (OSR Shanghai Technology Co. Ltd), KAYTUS, and Sinocipher for being certified to the international standard for security requirements for cryptographic modules (ISO/IEC 19790).

On behalf of BSI, David Mudd, Global Head of Digital Trust, presented the certifications to Mr. Chen XiaoPing, Cyber Security Certification Expert from Huawei Technologies, Mr. Louis Tian, Chief Technology Officer of KAYTUS, Mr. Ma Bo, General Manager of OSR(Shanghai) Technology Co. Ltd, and Ms. Xu Shenglin, International Business Manager of Sinocipher.

Michael Lam, APAC Managing Director, BSI, said: "Robust security certification to international standards can bring significant benefits to manufacturers by better enabling their products to reach global markets, as well as to the users of such products by providing assurance and trust in those products, whilst avoiding the need for testing and certification in each market. This can save time without impacting the level of trust.

“BSI is delighted that Huawei Technologies, KAYTUS, OSR Shanghai Technology and Sinocipher have become the first group of forward-thinking organizations to be certified by BSI for meeting the required standard on security requirements for cryptographic modules. This signifies that their products have the appropriate level of security to protect the highly sensitive cryptographic elements which secure our data.”

David Mudd, Global Head, Digital Trust, BSI, said: “This event marks a significant milestone along the journey to a common approach to cryptographic module security certification, which could significantly reduce the complexity and timescales for getting the latest technology into networks and systems.

“The dialogue amongst global experts has developed over these events, from exploring the possibilities of a common approach to working through the detail of what is needed to make it work for all stakeholders and across markets. Congratulations to the great teams at Huawei, OSR, KAYTUS and Sinocipher for their excellent work in being the first cohort to achieve certification.”

- Ends –

Notes to Editors:

ISO/IEC 19790 (Security requirements for cryptographic modules) represents global best practice for securing cryptographic mechanisms used to protect data against unauthorized disclosure or manipulation, provide trust in the origin and integrity of data, and for authentication. Trust in these critical cryptographic mechanisms in directly dependent on the security of the cryptographic modules which house them. Therefore, this standard addresses a critical area of concern in protecting our data.

Certification against this standard helps organizations establish a systematic assurance in the lifecycle of the cryptographic module – where an end-to-end product security assurance system is established and implemented to deliver secure and reliable products to customers[1].  

About BSI:

BSI is a business improvement and standards company and for over a century BSI has been recognized for having a positive impact on organizations and society, building trust and enhancing lives. Today BSI partners with more than 77,500 clients in 195 countries and engages with a 15,000 strong global community of experts, industry and consumer groups, organizations and governments. Utilizing its extensive expertise in key industry sectors - including automotive, aerospace, built environment, food and retail, and healthcare - BSI delivers on its purpose by helping its clients fulfil theirs. BSI provides organizations with the confidence to grow by partnering with them to tackle society’s critical issues – from climate change to building trust in digital transformation and everything in between - to accelerate progress towards a better society and a sustainable world.

[1] This includes:

• development security
• third-party component security
• independent security assessment
• supply chain security
• delivery security
• security event response
• organizational security capabilities