The GSMA implements a trusted system using certificates based on Public Key Infrastructure ( PKI ) to control what components of a Remote SIM Provisioning system can talk to each other.
The policy is outlined in SGP.14
In order to permit any certified component can talk to any other certified component, the GSMA issue signed root certificates.
They have appointed Cybertrust to act as the Root Certificate Issuer for M2M RSP systems ( version 3.1 ) and Digicert as the Certificate Issuer for Consumer RSP systems. The Cybertrust root certificates were acquired by Digicert in 2015. In order to obtain a certificate from one of these sources it is necessary to have SAS certification.