GSMA selected TrustCB as a GSMA eSA certification body.

The GSMA eUICC Security Assurance (eSA) scheme, uses the Common Criteria to provide a dynamic set of procedures for the security evaluation of embedded UICC (eUICC) solutions. The enforcement of secure access to networks and safeguarding of the subscriber’s account are the key principles driving eUICC certification.

The GSMA eSA scheme requirements are specified in: GSMA document SGP.06 – eUICC Security Assurance Principles.

This scheme determines conformity assessment by Type Examination (testing) following the Common Criteria (CC) and Common Evaluation Methodology (CEM), and optimisations as described in GSMA document SGP.07 – eUICC Security Assurance Methodology.

The technical specifications, which a product can be certified against one of, are detailed in:

• GSMA SGP.05, Embedded UICC Protection Profile (registered by BSI as BSI-CC-PP-0089-2015)
• GSMA SGP.25, Embedded UICC for Consumer Devices Protection Profile (registered by BSI as BSI-CC-PP-0100-2018)

Applications for certification under the TrustCB eSA scheme must first be registered with GSMA (more information can be found here). Once confirmation of GSMA eSA Registration is complete, the Developer and Lab should work together to complete the TrustCB eSA Application Form (v1.0). The complete application form, sign by both a Developer and Lab representative are to be submitted to TrustCB, along with the complete copy of [SGP.06] Annex A, the (draft) Security Target and the GSMA eSA registration confirmation.

For details of TrustCB’s procedures for this scheme, refer to the TrustCB scheme procedures.