Skip to content

Farncombe Security Audit®

Overview

The Farncombe Security Audit® is Cartesian’s independent specialist security auditing service for content owners, broadcasters, OTT providers, and technology suppliers worldwide.
Trusted and recommended by the major Hollywood studios, Cartesian is one of a select few companies worldwide that offer an auditing service that meets their rigorous standards, including the MovieLabs specification for Ultra HD and 4K content.

Methodology

Cartesian’s Farncombe Security Audit® is an industry-recognized methodology for reviewing security system implementations, including materials handling, business processes, system architecture, device security, and end-to-end implementation. Our modular process allows us to tailor our reviews to individual systems.

AACS LA Authorized Robustness Consultant

In 2015, Cartesian was appointed by AACS LA as the first Authorized Robustness Consultant (ARC) able to help manufacturers ensure that the security of their next generation Ultra HD Blu-ray(TM) players meet the robustness requirements of the AACS2 Licenses for implementations of the recently-released AACS2 Specifications. The Authorized Robustness Consultant is responsible for assessing security robustness of Ultra HD Blu-ray devices.

Audit Methodology

Our audit is separated into three phases, starting with a questionnaire-based self-evaluation, followed by a readiness evaluation, and ending with an on-site security review. Cartesian is also able to offer targeted penetration testing of systems and devices to complement the security audit process.

Upon completion of an audit, businesses may choose to display the Farncombe Security Audit® shield mark on their website and publicity materials.

 

Minimum Security Requirements

We have established a set of Minimum Security Requirements that are compiled and maintained through dialogue with content owners and technology partners. These requirements cover end-to-end content acquisition, distribution, and consumption. Our audits assess how systems meet these requirements.

Content Acquisition

  • Content Workflow
  • Physical and Cloud security
  • Electronic security
  • DRM provider robustness
  • Security strategy
  • Security organization

Content Distribution 

  • Content platform security
  • Key and license management
  • Playout
  • Network evaluation
  • Multi-device policies

Content Consumption

  • DRM and Conditional Access
  • Architecture
  • Implementation
  • OS hardening obfuscation
  • Provisioning
  • Risk assessment
  • Threat mitigation

The Farncombe Security Audit® Mark Program

Upon completion of a Farncombe Security Audit®, businesses may choose to display the Farncombe Security Audit® mark on their website and publicity materials. Displaying the shield mark indicates that a Farncombe Security Audit report is available from the auditee upon request.

Case Studies

Get in touch

Need security support or advice?