The BSI has granted LANCOM Systems GmbH the first certificate according to the new BSI scheme “Accelerated Security Certification” (BSZ for short). In this pilot procedure, SRC evaluated the security features of the Lancom 1900EF VPN Router and finally recommended approval to the BSI.
LANCOM has already had the security of its solutions tested and confirmed or certified by SRC in many procedures using Common Criteria evaluations or penetration tests. With the pilot evaluation for the BSZ, the BSI, LANCOM and SRC have jointly set a further standard for the certification of IT security solutions, with the aim of achieving time-to-market certification.
The Accelerated Security Certification (BSZ) allows manufacturers to have their products evaluated and certified by the BSI within a specified period of time. The evaluation must be carried out by a test centre recognised by the BSI. With the BSZ, the total effort of the evaluation, in comparison to e.g. Common Criteria evaluations, is predetermined from the beginning (fixed time). This allows manufacturers to estimate the expected effort well.
When designing the attack scenarios, the BSZ allows the evaluators a relatively large leeway. This test catalogue must be presented to the BSI extensively and in detail. This design leeway demands an above-average degree of expertise, care and creativity from both the evaluation facility institution and each individual evaluator. The test catalogue and the final evaluation in the test report draw on a broad know-how of cryptography, penetration tests, protocol attacks. The implementation by the manufacturer is evaluated by the test centre and the responsible persons at SRC have to defend this against the critical view of the BSI.
“Accelerated security certification will certainly play a major role, especially in the field of IOT devices,” says Gerd Cimiotti, Managing Director of SRC Security Research & Consulting GmbH. Like Lancom and the BSI, he expresses his thanks for the professionalism on all sides with which this pilot procedure was ultimately brought to a successful conclusion.
Ralf Koenzen, founder and managing director of LANCOM Systems GmbH, gives the manufacturer’s perspective: “When you do something for the first time, the effort is always greater. It is precisely then that you feel the experience and expertise of a partner like SRC as orientation and noticeable relief.”
As a long-standing partner of the BSI, SRC has already carried out a large number of projects in the most diverse approval schemes. SRC is currently in the process of being recognised as a test centre for accelerated security certification.
We would also be happy to accompany your accelerated security certification. If you have any questions about the BSZ, please do not hesitate to contact us.