The "Beschleunigte Sicherheitszertifizierung" (BSZ, Accelerated Security Certification) is an alternative product certification that aims to attest security statements about a product by means of a certificate. BSZ trades flexibility for more predictable overall evaluation times and reduced documentation requirements.
At the core of BSZ is a combination of conformity testing (evaluation) of the vendor's security claims and penetration testing to evaluate whether security functionality can be bypassed. The evaluation takes place within a fixed time frame that depends on the product. In addition, the installation guide is analysed for correctness and the cryptography is analysed for potential problems.
Users of BSZ-certified products receive an understandable presentation of the security functionality of the evaluated product, together with assurance that the vendor will, for a pre-defined amount of time, provide security updates if new vulnerabilities (or vulnerability classes) are uncovered.
The evaluation itself is carried out at a laboratory recognized by BSI. To obtain recognition, labs have to successfully complete a recognition procedure.
Each evaluation is monitored by personnel of the certification body (certifiers) to ensure that common approaches and methods are used. Certifiers accept the laboratory's evaluation report only after an intensive technical debate with the laboratory's evaluators. Among other things, this process ensures that the assessment is comparable with other certification procedures.
The result of a certification procedure is recorded in a certification report. The report contains, among other things, the security certificate (aggregated assessment) and the detailed certification report. The certification report contains the security-relevant description of the certified product, details of the assessment and notes for the user.
The certificate and certification report issued are published by the certification body if the applicant agrees.
The BSZ certification procedure is currently being set up. BSI intends to accept applications after completion of a pilot phase during 2019. BSI aims at mutual recognition of certificates with other European certification bodies (especially ANSSI and their CSPN procedure).
Further information regarding certification:
Bundesamt für Sicherheit in der Informationstechnik
Sections D 22 and D 23
Telephone: +49 228 99 9582-111
Telefax: +49 228 99 9582-5455