In many areas of the fast growing IT-landscape, cybersecurity is an ever more important aspect. The digitalization of significant parts of critical infrastructure, industry, civil services and many more sectors demands for security of the systems and products employed. This is where the cybersecurity certification of IT-products comes into play. It enables manufacturers and vendors of IT-products to have their security statements regarding a product confirmed by a cybersecurity certificate.

The joint release by BSI and the French Agence Nationale de la Sécurité des Systèmes d‘Information (ANSSI) describes the general process underlying the cybersecurity certification of IT-products and explains the concept of Fixed Time Evaluation, a specific evaluation methodology that is used both in the French Certification de Sécurité de Premier Niveau (CSPN) and in the German Beschleunigte Sicherheitszertifizierung (BSZ) certification schemes. The publication highlights the complementarity of these two schemes and provides an outlook on the possibility of implementing a harmonised European certification scheme.