[Owasp_embedded_application_security] Current state of security standards

Tim Sherlock tbsherlock at gmail.com
Wed Feb 13 05:13:48 UTC 2013


Hello Everyone,

Here are some rather specialised standards I have run into surrounding
embedded security. They may provide some good baselines in which general
embedded security guidelines can be derived.

Common Criteria: Protection profiles cover a range of topics, Maybe
somebody with more experience here could direct to profiles relevant to
embedded security.
http://www.commoncriteriaportal.org/pps/

FIPS 140-2: U.S. Government security standard surrounding cryptographic
modules. Contains a mixture of hardware/software.
http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf

PCI PTS: Payment Card standards around around PIN entry devices. Primarily
focused on protection of PIN and cryptographic keys against physical
attacks.
https://www.pcisecuritystandards.org/security_standards/documents.php

Is anyone aware of anything else out there already?

Thanks,
Timothy.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_embedded_application_security/attachments/20130213/56022d7b/attachment.html>


More information about the Owasp_embedded_application_security mailing list