The BSI has awarded LANCOM Systems GmbH the first certificate according to the new BSI scheme “Accelerated Security Certification” (BSZ for short). In this pilot procedure, SRC evaluated the security features of the Lancom 1900EF VPN router and finally recommended approval to the BSI.
LANCOM has already had the security of its solutions tested and confirmed or certified by SRC in many procedures using Common Criteria evaluations or penetration tests. With the pilot evaluation for the BSZ, the BSI, LANCOM and SRC have jointly set a further certification standard for IT security solutions. This aims to guarantee the required level of security with a shorter time to market for the product.
Accelerated security certification (BSZ) allows manufacturers to have their products evaluated and certified by the BSI within a specified period of time. The evaluation must be carried out by a BSI-recognized testing body. With the BSZ, the total time required for the evaluation is predetermined from the outset (fixed time) in comparison to Common Criteria evaluations, for example. This allows manufacturers to estimate the expected effort.
When designing the attack scenarios, the BSZ allows the evaluators a relatively large amount of leeway. This test catalog must be presented to the BSI in detail. This scope for design requires an above-average degree of expertise, care and creativity from both the testing body as an institution and from each individual evaluator. The test catalog and the final assessment in the test report draw on a wide range of expertise, e.g. in cryptography, penetration tests or protocol attacks. The implementation by the manufacturer is assessed by the test center and those responsible at SRC must defend this against the critical view of the BSI.
“Accelerated security certification will certainly play a major role in the field of IoT devices in particular,” says Gerd Cimiotti, Managing Director of SRC Security Research & Consulting GmbH. He would like to thank Lancom and the BSI for the professionalism on all sides that ultimately brought this pilot process to a successful conclusion.
Ralf Koenzen, founder and Managing Director of LANCOM Systems GmbH, reflects the manufacturer’s perspective: “When you do something for the first time, the effort involved is always greater. It’s precisely then that the experience and expertise of a partner like SRC provides guidance and noticeable relief.”
As a long-standing partner of the BSI, SRC has already carried out a large number of projects in a wide variety of approval schemes. SRC is currently in the process of being recognized as a testing body for accelerated security certification.
We would also be happy to support your accelerated safety certification. If you have any questions about the BSZ, please do not hesitate to contact us.
