To the central content area
Toggle Dark/Light Mode Dark Mode
:::

ESS Certification Seal Application Procedure

Applicants such as phone manufacturers may apply for levels of ESS certification according to the  positioning of their smartphones and adhere to the procedures listed below to acquire the ESS Certification Seal :

  1. Applicant applies for testing with cyber security testing laboratory: the applicant should prepare smartphones and documents including the testing application, manufacturer self-declaration form, security feature specification form, design security form, and security structure form and apply for testing with a Taiwan Accreditation Foundation-approved cyber security testing laboratory. 
  2. Cyber security testing laboratory produces report: according to the scope of certification and security level specified by the applicant, the cyber security testing laboratory reviews the documents and conducts testing on the device following the "TS-0030 v1.1 — Infocom Security Test Specifications for Embedded Software on Smartphone Systems" announced by the Taiwan Association of Information and Communication Standards (TAICS) and publishes a report on the smartphone model. (Starting from February 23, 2022, the "Infocom Security Technical Inspection Guidelines of Embedded Software on Smartphone Systems" announced by the National Communications Commission in March 2017 has no longer applied).
  3. Certification organization issues ESS Certification Seal: the applicant provides the aforementioned report to the certification organization, Chinese Cryptology and Information Security Association (CCISA), to apply for certification. In line with its regulations for smartphone system embedded software cyber security certification procedures and the "TS-0030 v1.1 — Infocom Security Test Specifications for Embedded Software on Smartphone Systems" announced by the TAICS, the CCISA reviews the report. Once the report passes review, the CCISA issues the certification and ESS Certification Seal.

In order to increase awareness of the public and encourage phone designers, manufacturers, and telecommunication providers to view demands for cyber security more seriously, aside from obtaining smartphone cyber security certification, applicants may also receive the Smartphone System Embedded Software Security (ESS) Certification Seal (as shown in the illustration below). The number of stars on the seal represents the certified cyber security level of the device. For example, three stars on the seal indicates that the product attained level three/high-level cyber security. The low-, medium-, and high-level system of cyber security certification seals follow the "Infocom Security Technical Inspection Guidelines of Embedded Software on Smartphone Systems," which is no longer applicable. As of the end of August 2022, 21 mobile phone models had obtained certifications (one obtained medium-level, 10 low-level, nine level-one, and one level-two; details on the ESS test website).

The smartphone system embedded software cyber security certification indicates that the self-declaration of the applicant and the specific version of phone system embedded software provided met test requirements for the particular level designated by the technical specification regulation at the moment the cyber security testing laboratory conducted the test. However, since the nature of cyber security is of risk management and relative security, and in light of the fact that cyber security incidents remain abundant and the methods of hacking are constantly changing, while security assurance is reflected in the level of certification smartphones receive, some cyber security loopholes may still be eventually discovered. Consequently, in the event that cyber security loopholes or risks are discovered in mobile phone system embedded software after the phone receives certification, the applicant should still undertake corrective action and apply for another test. Applicants whose products have added or updated versions of embedded software must also apply for another test to maintain their certification status.
 

Go Top