BSI TR-03140 Conformity assessment according to the satellite data security act (TR-SatDSiG)
Earth remote sensing data generated by high-grade Earth Observation Systems (EOS) are progressively being made available for worldwide civilian commercialization. These data have a grade of quality that was previously produced only by classified military and intelligence service satellites and used exclusively in closely defined environments. The distribution of these high-value or high-grade earth remote sensing data may endanger foreign or security policy interests.
It is therefore of vital interest to establish efficient means to secure the control of these satellites and the distribution of their data products.
The German Satellite Data Security Act (Satellitendatensicherheitsgesetz, SatDSiG) became necessary because highly capable space-based earth remote sensing satellites are constructed in Germany with the intention of marketing the acquired images/data commercially worldwide. The act provides legal certainty, establishes binding rules, and ensures their enforcement.
Objectives of this technical guideline
This technical guideline (Technische Richtlinie, TR) gives guidance for conformity evaluation facilities to perform assessments of IT-security measures of high grade EOS.
According to SatDSiG, BSI has to assess certain IT security measures of high grade EOS, their operators and data providers.
An operator or dissemination license for these satellites and the data acquired can only be granted by the German Federal Office of Economics and Export Control (Bundesamt für Wirtschaft und Ausfuhrkontrolle, BAFA) if BSI declares these IT security measures suitable.
This technical guideline describes all necessary steps to obtain the BSI statement:
- It summarizes the approach, methodology and inspection procedures in order to satisfy the tasks to be covered by BSI, as derived from the SatDSiG.
- It bundles the inspection procedures and methodology required for the evaluation of the systems of the operator and the data provider required by the SatDSiG.
- Compliance with and fulfillment of these inspection procedures form a basis for the licensing and admission requirements for the operation of satellites and ground stations and the dissemination of the satellite mission data.