Directorate-General V -- Cryptography and Protection of Classified Information
Directorate V consolidates the development, evaluation, approval and overarching consultation for the electronic processing of classified information.
Commercial basic development work and IT security functions are audited in Sections V 1 'Approvals of Classified Information Solutions' and V 2 'Evaluation and Development of Classified Information Solutions' based on technical and cryptographic analyses. This ensures binding security assessments regarding the suitability of these cryptosystems for the electronic processing of classified information. This work in the field of classified information approval and evaluation is conducted in close cooperation with international partners in the EU and NATO. The range of tasks in Directorate V is supplemented by the area of expertise in cryptography, where the mathematical and cryptographic foundations for future post-quantum secure communication infrastructures in government and society are defined. Additionally, Section V 3 is responsible for the digitalization of the BSI in high-security environments through the provision and operation of approved classified information solutions, thus serving as a central crypto service provider for sovereign tasks.
The direct connection between classified information approval and the evaluation of specific usage scenarios is expected to enable the federal administration to receive highly secure classified information solutions promptly and in accordance with state security requirements.
Directorate V stands for an 'all-in-one solution for classified information security'.
Sections in Directorate-General V
Section V 1 -- 'Approvals of Classified Information Solutions'
The core task of Section V 1 consists of the approval and systemic clearances of IT security products, portfolio management for classified information solutions, as well as consulting on classified information systems and physical security measures. The interconnection of audits and security certifications allows for quick coordination processes, thereby accelerating the commissioning and use of secure IT security products in the federal administration.
Portfolio management plays a crucial role in the application-oriented use and further development of modern classified information solutions through demand assessment, demand consolidation, and market and requirements analysis. These tasks take foundational and cross-sectional areas as well as international policy into consideration. This context shapes the procedural and substantive requirements for national, EU, and NATO approvals of IT security products. The international sphere focuses on contributing to the regulations for handling classified information within the EU and NATO. This includes not only the technical work but also the political and strategic orientation in both bilateral and multilateral contexts.
Section V 2 -- 'Evaluation and Development of Classified Information Solutions'
The availability of trustworthy and quality-assured IT security products is a crucial pillar of any IT security architecture. Section V 2 is focused on the requirements for (highly) secure classified IT solutions for the federal administration. V 2 evaluates civilian and military IT security products for the electronic processing of classified information across all classification levels. This includes, for example, cryptographic devices for encrypting information, security gateways for protecting secure communication networks, classified cloud architectures, secure IT workstations, and software products for email and file encryption.
One particular challenge is the evaluation of IT security architectures and platforms for cloud-based information security systems and infrastructures with the goal of obtaining classified information approval. This takes into account the increasingly implemented Everything-as-a-Service concept in the B2B and consumer sectors by developing trusted service infrastructures within the context of state security protection for handling national classified information and making them available to the federal administration.
It is necessary to consider the security contributions of hardware, platforms, apps, infrastructure, and overall services when using mobile devices such as smartphones or tablets. It is equally essential to supplement any missing or inadequate security functions of individual products with specially developed security software. The BSI's solutions are also pioneering for non-governmental users with special security needs.
Section V 3 -- 'Center of Excellence on Cryptography and Management of Classified Information Systems'
The foundation of many IT security functions lies in cryptographic algorithms and their integration into protocols. The development and testing of these algorithms is a core responsibility of Section V 3. The threat that quantum computers pose to current cryptographic methods necessitates a comprehensive migration to quantum-safe cryptography in Germany that extends well beyond the applications of the federal administration. The solutions include cryptographic methods that are resistant to quantum computer attacks and can be integrated on digital computers within existing communication infrastructures. The use of post-quantum cryptography will become standard in most digital applications, with the migration in many areas being highly complex and expected to take several years.
Accordingly, Section V 3 is structured as a competence area for (post-quantum) cryptography in the field of secure communication relationships, a crucial topic for a digital society. Fundamental mathematics will lay the foundation for the new mathematical and cryptographic base to be developed and operationalized in the coming years. The task set of Section V 3 is supplemented by the provision of BSI-internal classified IT services in high-security environments, as well as certificate-based Trust Center - DL and ID management for key materials for external stakeholders. The profile of the section is rounded off with topics related to counter-surveillance examinations against modern eavesdropping techniques. The range of tasks for Section V 3 spans from fundamental mathematical and cryptographic expertise to application-oriented cryptographic and testing services.