BSZ – the faster proof
The accelerated security certification (BSZ) gives manufacturers a faster way to prove the security of their IT products with a BSI certificate.
The freedom from vulnerabilities is a crucial factor for users to assess the trustworthiness of a product. In order to be able to prove this product characteristic, the German Federal Office for Information Security (BSI) has so far often provided for tests and certifications in accordance with the Common Criteria (CC). These certifications are associated with a high level of effort and are therefore only required by customers for a few, very demanding areas of application.
The application areas of the BSZ
In order to open up areas of application beyond certification according to CC, the BSI has expanded its portfolio to include accelerated security certification (BSZ). Their focus is on verifying the manufacturer’s promised safety performance. These are tested by penetration tests with a product-related, predefined scope, whereby the penetration tests follow currently known attack scenarios. Compared to certification according to CC, the BSZ offers better plannable evaluation runtimes and, from the manufacturer’s point of view, a reduced documentation effort.
BSZ lets the user of the certified products benefit by providing an understandable presentation of security performance and assuring updates to the ever-changing security situation over a defined period of time.
The actual certification is preceded by the evaluation of the product by a BSI-recognized testing body such as SRC. The resulting test report serves the BSI as the basis for awarding the certificate.
An evaluation by SRC typically includes the following services:
- Review of the promised security deposit
- Checking the installation instructions
- Testing the implemented cryptographic procedures
- Penetration tests
- Preparation of the test report
Your advantage
We are happy to offer you the opportunity to draw on the expertise of our specialists for evaluations for accelerated security certification. Contact us without obligation.