PRESSEMELDUNG
Bonn, February 10, 2025 – SRC Security Research & Consulting GmbH announced on February 07. SRC received the official NESAS certificate on February 2, 2025 and was recognized by the German Federal Office for Information Security (BSI) as a NESAS test center. This means that SRC can support manufacturers of critical technical components within the framework of the Network Equipment Security Assurance Scheme Cybersecurity Certification Scheme – German Implementation (NESAS CCS-GI) and test their products to the highest security standards.
NESAS CCS-GI: Standardized test scheme for 5G and 6G components
The German Federal Office for Information Security (BSI) developed the standardized test scheme NESAS CCS-GI based on the framework “Network Equipment Security Assurance Scheme” (NESAS) defined by the Groupe Speciale Mobile Association (GSMA) and the 3rd Generation Partnership Project (3GPP).
“Increasing networking requires the highest security standards, especially in critical infrastructures such as 5G and 6G mobile networks. NESAS CCS-GI ensures that these requirements are met,” explains Markus Schierack, Managing Director at SRC.
This test scheme is used to certify components for 5G and future 6G mobile networks. Certification in accordance with NESAS CCS-GI enables manufacturers to demonstrate compliance with legally required security features by means of an IT security certificate.
Regulatory requirements and importance of NESAS
The Telecommunications Act stipulates that critical components of mobile networks that have been classified as security-relevant by the Federal Network Agency (see “List of critical functions”) must undergo certification. Depending on the product category, different certification schemes are possible: Common Criteria (CC), Accelerated Security Certification (BSZ) or NESAS CCS-GI. NESAS certification is a necessary step to ensure the legally compliant and secure operation of network technologies.
“For manufacturers, NESAS certification not only means compliance with regulatory requirements, but also a decisive competitive advantage. Security is a key quality feature in modern telecommunications networks,” says Dr. Georg Mörsch, consultant at SRC.
SRC offers all certification options from a single source
As one of the few recognized inspection bodies in Germany, SRC offers manufacturers all relevant certification options – CC, BSZ and NESAS CCS-GI – from a single source. With many years of experience and in-depth expertise, SRC supports companies from initial project preparation through to successful certification. SRC’s comprehensive advice and technical expertise makes the certification process easier for manufacturers and ensures efficient and legally compliant implementation.
Recommendation: Start early, observe deadlines
In order to meet the legal requirements by January 1, 2026, SRC recommends that manufacturers start project preparation and contract negotiations at an early stage. The first quarter of 2025 should be used to lay the foundations for successful certification and complete the certification process on time.
“The certification process requires careful planning and timely preparation. We advise manufacturers not to waste any time and to contact a certified inspection body at an early stage,” concludes Markus Schierack.
About SRC Security Research & Consulting GmbH:
SRC Security Research & Consulting GmbH is the leading consultancy for IT security and new technologies. Founded in 2000 as a joint venture of the German banking industry, SRC is a central link between research and products and services supported by the banking industry. To this end, SRC pools cutting-edge know-how in the fields of IT security and information technology and provides expertise in the development, implementation and testing of secure systems. The focus is always on innovation and sustainability as well as the creation of standards for secure systems and environments.
SRC has already received a wide range of recognitions and accreditations, e.g. from the laboratory for Common Criteria assessments, various accreditations from the PCI SSC, from EMVCo, as well as listings and recognitions from the German Federal Office for Information Security.
