The GSMA eUICC Security Assurance (eSA) scheme uses the Common Criteria to provide a dynamic set of procedures for the security evaluation of embedded UICC (eUICC) solutions. The enforcement of secure access to networks and the safeguarding of the subscriber’s account are the key principles driving eUICC certification.

GSMA has selected TrustCB as a GSMA eSA Certification Body.

The GSMA eSA scheme requirements are specified in GSMA document SGP.06 – eUICC Security Assurance Principles, and conformity assessment is determined by Type Examination (testing). The scheme framework is Common Criteria (CC) and Common Evaluation Methodology (CEM), plus eUICC optimisations as described in GSMA document SGP.07 – eUICC Security Assurance Methodology.

SGP.06 and SGP.07 are part of the GSMA eSIM specification suite and can be found here as GSMA eUICC Security Assurance Specifications.

The technical specifications for eSIM security assurance are detailed in the GSMA-developed Protection Profiles for eSIM:

  • GSMA SGP.05, Embedded UICC Protection Profile, for products designed to the GSMA SGP.01 eSIM architecture
  • GSMA SGP.25, Embedded UICC for Consumer (and IoT Device) Protection Profile, for products designed to the GSMA SGP.21 eSIM architecture

Applicants for eSIM certification should first register with the GSMA. A completed TrustCB eSA application form must then be submitted; together with the associated application materials, it enables the eSA certification process to start.

Downloads:

External Scheme Documents

SGP.06 may be downloaded from the GSMA eSIM specifications webpage.

TrustCB scheme documents

Application

The TrustCB Shared Procedures are posted on the Policies & Procedures page.