Tag Archive for: accelerated security certification

BSZ Certificate
Homepage Admin

SRC recog­nized as test center for accel­erated safety certi­fi­cation (BSZ)

On 01 October the “Accel­erated Security Certi­fi­cation (BSZ)”, the new certi­fi­cation procedure of the German Federal Office for Infor­mation Security (BSI) has started. Already on September 28, SRC was recog­nized by the BSI as a testing body for this new procedure. Sandro Amendola is head of the department Standard­ization, Certi­fi­cation and Security of Telecom­mu­ni­cation Networks at the BSI. On behalf of the BSI he handed over the certificate of recog­nition to Peter Jung, who is respon­sible for the BSZ at SRC.

Accel­erated Security Certi­fi­cation is the BSI’s new light­weight procedure for certi­fying the security of IT products. In contrast to a CC certi­fi­cation, a certi­fi­cation according to BSZ has several advan­tages: a consid­erably lower documen­tation effort, a signif­i­cantly shortened imple­men­tation and thus a lower cost.

The certi­fi­cation scheme follows a risk-based approach. In this process, the security perfor­mance of the IT product is tested by a recog­nized testing body such as SRC within a fixed timeframe using confor­mance and penetration tests to determine its security perfor­mance and its resis­tance to attacks.

The user also benefits. He receives compre­hen­sible documen­tation of the security perfor­mance and the promise that any vulner­a­bil­ities that occur are guaranteed to be remedied within the certificate’s validity period.
“After SRC has already carried out the first successful evalu­ation according to BSZ, we are very pleased about the recog­nition as a test center for this innov­ative certi­fi­cation scheme that has now taken place” says Peter Jung as repre­sen­tative of the test center and topic respon­sible for the Accel­erated Security Certi­fi­cation BSZ at SRC.

SRC was one of the first test centers to be recog­nized for BSZ. SRC performed the evalu­ation of the LANCOM-1900EF, the first certified BSZ product ever.

LANCOM 1900EF
Homepage Admin

Lancom 1900EF VPN Router receives first Accel­erated Security Certi­fi­cation (BSZ)

The BSI has granted LANCOM Systems GmbH the first certificate according to the new BSI scheme “Accel­erated Security Certi­fi­cation” (BSZ for short). In this pilot procedure, SRC evaluated the security features of the Lancom 1900EF VPN Router and finally recom­mended approval to the BSI.

LANCOM has already had the security of its solutions tested and confirmed or certified by SRC in many proce­dures using Common Criteria evalu­a­tions or penetration tests. With the pilot evalu­ation for the BSZ, the BSI, LANCOM and SRC have jointly set a further standard for the certi­fi­cation of IT security solutions, with the aim of achieving time-to-market certification.

The Accel­erated Security Certi­fi­cation (BSZ) allows manufac­turers to have their products evaluated and certified by the BSI within a specified period of time. The evalu­ation must be carried out by a test centre recog­nised by the BSI. With the BSZ, the total effort of the evalu­ation, in comparison to e.g. Common Criteria evalu­a­tions, is prede­ter­mined from the beginning (fixed time). This allows manufac­turers to estimate the expected effort well.

When designing the attack scenarios, the BSZ allows the evalu­ators a relatively large leeway. This test catalogue must be presented to the BSI exten­sively and in detail. This design leeway demands an above-average degree of expertise, care and creativity from both the evalu­ation facility insti­tution and each individual evaluator. The test catalogue and the final evalu­ation in the test report draw on a broad know-how of cryptog­raphy, penetration tests, protocol attacks. The imple­men­tation by the manufac­turer is evaluated by the test centre and the respon­sible persons at SRC have to defend this against the critical view of the BSI.

“Accel­erated security certi­fi­cation will certainly play a major role, especially in the field of IOT devices,” says Gerd Cimiotti, Managing Director of SRC Security Research & Consulting GmbH. Like Lancom and the BSI, he expresses his thanks for the profes­sion­alism on all sides with which this pilot procedure was ultimately brought to a successful conclusion.

Ralf Koenzen, founder and managing director of LANCOM Systems GmbH, gives the manufacturer’s perspective: “When you do something for the first time, the effort is always greater. It is precisely then that you feel the experience and expertise of a partner like SRC as orien­tation and noticeable relief.”

As a long-standing partner of the BSI, SRC has already carried out a large number of projects in the most diverse approval schemes. SRC is currently in the process of being recog­nised as a test centre for accel­erated security certification.

We would also be happy to accompany your accel­erated security certi­fi­cation. If you have any questions about the BSZ, please do not hesitate to contact us.

Tag Archive for: accelerated security certification