The accel­erated security certi­fi­cation (BSZ) gives manufac­turers a faster way of proving the security of their IT products with a BSI certificate.

The absence of vulner­a­bil­ities is a decisive factor for users in assessing the trust­wor­thiness of a product. In order to be able to prove this product charac­ter­istic, the Federal Office for Infor­mation Security (BSI) had previ­ously only provided for tests and certi­fi­ca­tions in accor­dance with the Comon Criteria (CC). These certi­fi­ca­tions involve a great deal of effort and are therefore only required by customers for a few, very demanding areas of application.

In order to open up areas of appli­cation beyond CC certi­fi­cation, the BSI has expanded its portfolio to include accel­erated security certi­fi­cation (BSZ). Their focus is on checking the safety perfor­mance promised by the manufac­turer. These are checked by penetration tests with a product-related, prede­fined scope, whereby the penetration tests follow currently known attack scenarios. Compared to CC certi­fi­cation, the BSZ offers more predictable evalu­ation periods and, from the manufacturer’s point of view, reduced documen­tation effort.

The BSZ allows users of the certified products to benefit from a clear presen­tation of the security perfor­mance and the assurance of updates to the constantly changing security situation over a defined period of time.

The actual certi­fi­cation is preceded by the evalu­ation of the product by a BSI-recog­nized testing body such as SRC. The resulting test report serves the BSI as the basis for awarding the certificate.