Certification according to Technical Guidelines
In addition to the Certification of IT-Products and -Systems in regard to their security functions, the Federal Office for Information Security (BSI) provides the service of "Certification according to Technical Guidelines". A Certification according to Technical Guidelines is required, if – in addition to the fulfillment of certain security features – the implementation of particular functional requirements is essential for the operation of an IT-Product or -System. This notably applies to IT-Products or -Systems intended to be deployed in official and thereby security-sensitive domains of the Federal Republic of Germany. Great importance is placed on requirements concerning the electronic tamper-resistance, operational reliability and interoperability.
Technical Guidelines specifying these requirements are developed and released by BSI in close cooperation with industrial partners. New Technical Guidelines are only developed to meet upcoming demands regarding national security or to satisfy certain needs of public interest. The development of several Technical Guidelines connected to the introduction of electronic passports can be taken as an example.
It is possible for manufacturers and distributors to apply for Certification according to Technical Guidelines and have the conformity of their IT-Products or -Systems confirmed by BSI. In the course of the certification procedure a conformity evaluation of the IT-Product or -System based on the test specifications defined in the Technical Guideline is performed by an independent evaluation facility. The conformity evaluation takes place under the supervision of BSI. On successful completion the conformity of the IT-Product or -System is confirmed by BSI and a notification of conformity as well as a Certificate is issued.
Evaluation facilities are independent commercial institutions that are recognised by BSI allowing them to perform conformity evaluations according to Technical Guidelines. To obtain recognition by BSI evaluation facilities have to meet certain preconditions. Among others a proof of expertise as well as the existence of a quality management system according to DIN EN ISO/IEC 17025 is required. Recognitions are awarded by the recognition body of BSI which is also responsible for the supervision of evaluation facilities that have already been recognised.
All involved parties are bound to preserve the confidentiality of the information exchanged during the certification procedure. Provided the applicant agrees, certified IT-Products or -Systems are added to the list of products certified according to Technical Guidelines published on the BSI internet pages.
Conformity Evaluations of IT-Products or-Systems intended to gain certification by BSI are currently possible for the following Technical Guidelines:
- BSI TR-03105
Conformity Tests for official electronic ID Documents
- BSI TR-03119
Requirements for chip card reader devices with ePA support
- BSI TR-03121
Technical Guideline Biometrics in public sector applications
- BSI TR-03125
Beweiswerterhaltung kryptographisch signierter Dokumente
- BSI TR-03132
Sichere Szenarien für Kommunikationsprozesse im Bereich hoheitlicher Dokumente
- BSI TR-01201
Technical Guideline De-Mail
- BSI TR-03138
Ersetzendes Scannen (RESISCAN)
Further Technical Guidelines released by BSI can be found on the main page – Technical Guidelines of BSI
Evaluation Facilities (recognised by BSI according to DIN ISO/IEC 17025)
Products certified according to Technical Guidelines of BSI
A list of all products certified according to Technical Guidelines of BSI can be found here.
Please use the following email address for further requests: firstname.lastname@example.org