Security Evaluation
Security Certification is comprised of one step, FDO Security Evaluation, and is required for certifying Device Onboarding Services and Devices. Security Certification validates the security characteristics of an implementation, including adherence to all FDO Security Requirements. Successful completion and evaluation of a vendor questionnaire by the FIDO Security Secretariat is required for at least FDO Certification Level 1 (L1) *.
*Higher FDO Certification Levels may be developed and added to FDO Certification in the future.
FDO Vendor Questionnaire (VQ)
The FDO Security Requirements were developed based on an assessment of the FIDO Device Onboard (FDO) specification. Security goals, primary and secondary assets, were identified. A threat analysis was completed, and security requirements were defined to mitigate risk for base-level security assurance, FDO Certification L1, for all FDO Devices. The security requirements are administered for evaluation by completing an FDO Vendor Questionnaire through self-assertion. The completed VQ is then submitted for review and evaluation by the FIDO Security Secretariat.
Step #4 of the FDO Certification Process Overview includes FDO Vendor Questionnaire submission information. As abridged context, submit completed FDO Vendor Questionnaires for review and evaluation to: fdo-security-evaluation@fidoalliance.org.
Please reference the Resource Documentation program page for all documentation that is relevant to FDO Security Certification.
