Certification of technical security devices
Requirements for certification
Manufacturers of technical security devices of electronic record-keeping systems according to the Ordinance establishing the technical requirements for electronic recording and security systems in commercial transactions (Kassensicherungsverordnung) must prove that the technical security device complies with the interoperability requirements of the Technical Guidelines TR-03153, TR-03151 and TR-03116-5. Proof shall be provided by the following certification of conformity:
- TR certification in line with the Technical Guideline BSI TR-03153-TS
Furthermore, the manufacturer must prove that the technical security device meets the necessary security requirements. Proof must be provided by the following security certifications according to Common Criteria:
- CC--Certification in line with the protection profile BSI-CC-PP-0105-2019 (SMAERS)
- CC--Certification in line with the protection profile BSI-CC-PP-0104-2019 (CSP) in the configuration according to BSI-CC-PP-0107 (Time Stamp Service and Audit) or BSI-CC-PP-0108 (Time Stamp Service, Audit and Clustering)
For cloud-based solutions, the CSP component can be operated centrally in a secure data centre. If a sufficiently high physical and organisational security level for the data centre is demonstrated, security certification can alternatively be provided according to the following protection profiles:
- CC certification in line with the protection profile BSI-CC-PP-0105-yyyy (SMAERS) (protection profile currently in re-certification)
- CC certification in line with the protection profile BSI-CC-PP-0111-2019 (CSP Light) in the configuration according to BSI-CC-PP-0113 (Time Stamp Service, Audit and Clustering)
The certificates issued by the certification body are limited to eight years and include the requirement to carry out a reassessment after five years.
General information on the certification of products can be found under Product Certification.
The certification obligation is limited to the technical security device with which the records of the cash register system are to be secured at the start of the recording process. Certification of the cash register (or cash register software) itself is not provided for.
Transitional arrangements for certification
As part of the introductory phase, the BSI allows a limited transitional phase for certification. Within this transitional phase, a CC certification of the security module in line with the protection profile PP-CSP that has not yet been completed can be replaced by a positive expert opinion by the BSI.
As a prerequisite for the assessment by the BSI, the manufacturer must provide the following evidence:
- Conformity to BSI TR-03153-TS has been demonstrated by a certificate.
- Compliance with the security requirements according to BSI-CC-PP-0105-2019 (Security Module Application for Electronic Record-keeping Systems (SMAERS)) has been proven by a certificate.
- The application for certification according to BSI-CC-PP-0104-2019 (CSP) in the configuration according to BSI-CC-PP-0107 (Time Stamp Service and Audit) was accepted by the BSI. Completion of the certification process is planned by the end of the year in accordance with the schedule agreed with the certification body.
- A valid hardware certificate for the composite certification of the CSP is available.
- There is a declaration on the implementation of necessary updates to achieve CC certification by the manufacturer.
The assessment is carried out by the BSI and includes the security functions of the CSP relevant for SMAERS. For this purpose, the manufacturer must provide the BSI with the documentation required for a vulnerability analysis, in particular design information on the implementation of the cryptographic procedures including the source code, the user guidance of the certified hardware used, as well as suitable samples for performing penetration tests.
A positive expert opinion confirms that, based on an early vulnerability analysis, a sufficient level of security is achieved according to the state of the art, but that formally a successful CC certification according to BSI-CC-PP-0104-2019 (CSP) in the configuration according toBSI-CC-PP-0107 (Time Stamp Service and Audit) is not yet available. In addition, the expert opinion confirms that the technical security device certified in accordance with the transitional arrangement may be placed on the market for fifteen months.
This is a transitional arrangement for the introductory phase, which can be applied to CC certification procedures for which the completion of the certification procedure is planned by the end of the year in accordance with the schedule agreed with the certification body.