Fast, predictable, lower cost: The lightweight alternative to CC certification
The Accelerated Security Certification (BSZ) is an independent certificate that confirms the security statement of your IT product.
BSZ focuses on the security robustness of your IT product. Through a combination of evaluations and penetration tests, it is possible to objectively prove that your product fulfills the stated security performance and the required security specifications of the BSI - quickly, predictably and with a minimum amount of documentation.
As a recognized BSZ evaluation body, TÜViT offers you testing and evaluation services and supports you in achieving the successful certification for your IT product.
IT security certification in less than 3 months
Risk-based testing by experienced penetration testers
Predictable costs & reduction in the amount of documents required
Benefits of the accelerated security certification
- High level of trust: Objective confirmation of the security statement of your IT product in the form of a certificate.
- Lightweight alternative to CC: The BSZ is a significantly faster alternative to certification in accordance with the Common Criteria (CC).
- Reliable time & cost planning: The BSZ saves time & reduces communication to a minimum. The result is a certification test that can be easily scheduled.
- Minimum requirements for evidence to be provided: The reduced scope of the required documents keeps the expenditure for manufacturers low.
- CSPN recognition: The BSZ certification scheme is compatible with the French CSPN & mutual recognition is in preparation.
- Designed for European recognition: Compatibility with the Fixed Time Approach (FIT CEM) provides a basis for integration at European level in future CSA schemes.
Accelerated security certification – Evaluation procedure
The main objective of the preparation is the review of the TOE (Target of Evaluation) as well as the preparation and evaluation of the ST (Security Target) by the inspection body. The expenditure required for the evaluation is then calculated.
In an introductory kick-off meeting, we will discuss the evaluation of your product together with you and the BSI certification body and determine the time frame required for this as well as the underlying test plan. During the kick-off meeting, you will have the opportunity to clarify any unanswered questions and receive information on the progress of the test, such as specific test procedures.
As a BSI-recognized inspection body, we will evaluate your IT product. This means that we will look at the product description and, on the basis of document analyses, conformity checks, penetration tests and cryptanalyses, we will evaluate whether your product actually fulfills the promised security performance under real-life conditions.
Focus of the test
The test focuses on four main questions: Are the installation instructions (Secure User Guideline) correct? Does the evaluation object meet the security target requirements of the BSI? Is the product secure? And: Is the implemented cryptography correct?
Our experts will investigate these questions and check the security of your IT product in the form of penetration tests and attacks using a high level of expertise. Thus, we check whether it is possible to circumvent the assured security targets.
At the same time, we examine whether the requirements for the attached handbook are fulfilled. It must describe how the Target of Evaluation is made secure in a way that is comprehensible to the user. Likewise, conformity with security specifications and the flawless implementation of (cryptographic) algorithms and protocols are essential criteria for the BSZ.
Conclusive result report
We will summarize the results of the tests in a conclusive results report for submission to the BSI. The report will contain, among other things, the safety-related description of the certified product, the details of the assessment and instructions for the user. We will then submit the result of the evaluation to the BSI.
After we have sent the report to the BSI, we will conduct an interview in which we defend the test report and answer questions, for example about the test strategy or the choice of experts.
If the BSI accepts the Evaluation Technical Report, you will receive the desired certificate. By doing so, you simultaneously undertake to monitor the product for potential new security vulnerabilities and to provide appropriate updates. The certification is valid for 2 years.
Checklist: You will need these documents
Security Target (approx. 10 pages)
Architecture overview (operating system, main components, libraries used)
Description of the update mechanism
Description of the cryptographic functionality (protocols, parameters, libraries)
Instructions for secure configuration (Secure User Guide)
Why we are a strong partner for you
Expertise
Industry experience
Everything from one source
Tailor-made for you
International network of experts
Independence
