BSI certified HUAWEI to ISO/IEC 19790 globally, the first client to be certified for this standard

3 November 2022

At BSI, we are proud that HUAWEI was the first organization we certified to ISO/IEC 19790 globally. HUAWEI is leading the industry towards an enhanced cybersecurity and digital trust amongst industry players and consumers. Emmanuel Herve, ASEAN Managing Director for BSI was invited to present on Digital Trust during HUAWEI’s Mate 50 series mobile phone launch in Kuala Lumpur, Malaysia on the 3 November 2022. This presentation session was exclusive only to BSI and was attended by over 400 attendees, consisting of HUAWEI’s business partners, dealers, telco representatives and media.

HUAWEI is the key industry driver in international best practice adoption, focusing on certification, training, and consulting services in digital trust in more than 60 countries. To date, HUAWEI has obtained over 72 certifications on adoption of 28 international standards and collaborated with BSI and key global stakeholders to establish new certification scheme.

During the launch, Emmanuel presented the certification on ISO/IEC 19790: Security requirements for cryptographic modules to HUAWEI. The ISO/IEC 19790 certification is specific to HUAWEI iTrustee (the security operating system of Mate 50 series). BSI assessed this vital security component against global best practice for security, to demonstrate that the system (iTrustee) provides effective encryption and underpins trust in data protection and identity authentication.

huawei-cert-presentation-01.jpeg

The ISO/IEC 19790 standard was launch in 2012 and specify Information technology – Security techniques – Security requirements for Cryptographic modules. The standard was moulded by input from many nations and backed by approval from over 200 national bodies. In practice, ISO/IEC 19790 specifies the security requirements for a cryptographic module used within a security system protecting sensitive information in an ICT system. It sets out four security levels for cryptographic modules, to cater for varying degrees of data sensitivity. They range from, for example, low-value administrative data to classified government information. The four security levels also take account of different application environments, ranging from, for example, removable media in an unprotected location to a highly guarded data centre.

“Although ISO/IEC standards have been developed to sustain secure design, development, testing and certification of such critical devices, it would be crucial for key industry players to plan and think about how certification of these core devices need to look like to serve this increased need. We hope to collaborate with more industry players and shapers to build an even more robust cybersecurity ecosystem globally,” said Emmanuel Herve.

image4k7n.png