BLACK FRIDAY: Save on Ledger Flex, select Ledger Nano wallets and accessories.

Shop now

Up your Web3 game

Ledger Academy Quests

  • Test your knowledge
  • Earn POK NFTs
Play now See all quests

What is Security Certification?

Read 2 min
Beginner
Grey closed belt on a purple background.
KEY TAKEAWAYS:
— Security certification is an objective assessment of a product by a third party to show that it has attained a particular security standard.

— There are multiple different security certification levels, denoting different evaluations undergone by the product.

— The purpose of certification is to provide users with a reliable and objective metric for judging the security of a given product.

Security certification is an incredibly important feature of crypto hardware – yet you might be asking yourself, just what is security certification? Here, we explain the concept – and why it is so essential.

Generally speaking, certification is used to show that a product has undergone assessment by a third party and has reached a certain standard. When speaking about security technology, certification is used to show that a specific hardware or software has undergone extensive testing and meets a certain security standard.

Our Ledger hardware wallets use state-of-the-art Secure Element chips , which are used for high-end security solutions for protecting critical data such as credit cards, passports and sim cards. These chips are certified for their high security level. For these applications, having this level of security is a third-party requirement. For hardware wallets, no such requirement exists. At Ledger, we believe it is our responsibility to provide the highest level of security.

The Secure Elements used in Ledger devices have passed a Common Criteria security evaluation – an international standard for banking cards and state requirements – and have obtained an EAL5+ certificate.

What are the EAL certification levels?

There are seven different levels of EAL, which is the abbreviation for Evaluation Assurance Level.

As mentioned, the EAL level of the Secure Elements we use is 5+. In this framework, the threat model considers remote and physical access for the attacker. During the EAL evaluation process, there are several elements taken into consideration such as:

– Life cycle / supply chain
– Development procedure
– Documentation
– Functional test
– Penetration test

Reaching EAL 5+ ensures having the highest level of security against penetration tests. Going beyond EAL 5+ does not provide a higher assurance against attacks anymore.

There are many types of certifications. The EAL is an internationally recognized, most renowned certificate, but national and even local certificates may exist. 

Why is certification important?

Anyone can claim to have a secure device, but it is difficult to trust this claim. Through certificates, an independent third party has assessed the claim.

At Ledger, we believe security is paramount, and while anyone can claim to have a secure product, it means much more coming from a trusted third party. This is an important milestone for Ledger in our effort to certify all our B2C and B2B  products.

What does Ledger do regarding certification?

Today, both Ledger Nano X and Ledger Nano S are the only hardware wallets to be independently certified, according to the security requirements specified in the CSPN (First Level Security Certification) security certification scheme. 

CSPN certification

This certification serves as an external, third-party confirmation that Ledger’s security is industry-leading. This external and independent assessment further validates the company’s commitment to industry-leading security. Ledger constantly looks to enhance the security of its products, leveraging both external security researchers in its Bounty Program, as well as its industry-leading, in-house Attack Lab, the Ledger Donjon. Ledger has developed a robust custom Operating System, namely BOLOS and crypto-asset apps run on top of this secure hardware. It’s this combination of software and hardware that brings the highest level of security to each of the company’s products.

Knowledge is power.

Trust yourself and keep learning! If you enjoy getting to grips with crypto and blockchain, check out our School of Block video about making passive income from your crypto.


Stay in touch

Announcements can be found in our blog. Press contact:
[email protected]

Subscribe to our
newsletter

New coins supported, blog updates and exclusive offers directly in your inbox


Your email address will only be used to send you our newsletter, as well as updates and offers. You can unsubscribe at any time using the link included in the newsletter.

Learn more about how we manage your data and your rights.