Accelerated Security Certification (BSZ)

Do you have any questions or comments? Contact us!
Contact us!

Fast, predictable, lower cost: The lightweight alternative to CC certification

The Accelerated Security Certification (BSZ) is an independent certificate that confirms the security statement of your IT product.

BSZ focuses on the security robustness of your IT product. Through a combination of evaluations and penetration tests, it is possible to objectively prove that your product fulfills the stated security performance and the required security specifications of the BSI - quickly, predictably and with a minimum amount of documentation.

As a recognized BSZ evaluation body, TÜViT offers you testing and evaluation services and supports you in achieving the successful certification for your IT product.

  

IT security certification in less than 3 months

Risk-based testing by experienced penetration testers

Predictable costs & reduction in the amount of documents required

Accelerated Security Certification (BSZ) Accelerated Security Certification (BSZ) Accelerated Security Certification (BSZ) Accelerated Security Certification (BSZ)

Benefits of the accelerated security certification

  • High level of trust: Objective confirmation of the security statement of your IT product in the form of a certificate.
  • Lightweight alternative to CC: The BSZ is a significantly faster alternative to certification in accordance with the Common Criteria (CC).
  • Reliable time & cost planning: The BSZ saves time & reduces communication to a minimum. The result is a certification test that can be easily scheduled.
  • Minimum requirements for evidence to be provided: The reduced scope of the required documents keeps the expenditure for manufacturers low.
  • CSPN recognition: The BSZ certification scheme is compatible with the French CSPN & mutual recognition is in preparation.
  • Designed for European recognition: Compatibility with the Fixed Time Approach (FIT CEM) provides a basis for integration at European level in future CSA schemes.

Accelerated security certification – Evaluation procedure

Phase 1: Preparation

The main objective of the preparation is the review of the TOE (Target of Evaluation) as well as the preparation and evaluation of the ST (Security Target) by the inspection body. The expenditure required for the evaluation is then calculated.

Phase 2: Joint kick-off at the BSI

In an introductory kick-off meeting, we will discuss the evaluation of your product together with you and the BSI certification body and determine the time frame required for this as well as the underlying test plan. During the kick-off meeting, you will have the opportunity to clarify any unanswered questions and receive information on the progress of the test, such as specific test procedures.

Phase 3: Evaluation & test report

As a BSI-recognized inspection body, we will evaluate your IT product. This means that we will look at the product description and, on the basis of document analyses, conformity checks, penetration tests and cryptanalyses, we will evaluate whether your product actually fulfills the promised security performance under real-life conditions.

Focus of the test

The test focuses on four main questions: Are the installation instructions (Secure User Guideline) correct? Does the evaluation object meet the security target requirements of the BSI? Is the product secure? And: Is the implemented cryptography correct?

Our experts will investigate these questions and check the security of your IT product in the form of penetration tests and attacks using a high level of expertise. Thus, we check whether it is possible to circumvent the assured security targets.

At the same time, we examine whether the requirements for the attached handbook are fulfilled. It must describe how the Target of Evaluation is made secure in a way that is comprehensible to the user. Likewise, conformity with security specifications and the flawless implementation of (cryptographic) algorithms and protocols are essential criteria for the BSZ.

Conclusive result report

We will summarize the results of the tests in a conclusive results report for submission to the BSI. The report will contain, among other things, the safety-related description of the certified product, the details of the assessment and instructions for the user. We will then submit the result of the evaluation to the BSI. 

Phase 4: Final interview & issuance of the certificate

After we have sent the report to the BSI, we will conduct an interview in which we defend the test report and answer questions, for example about the test strategy or the choice of experts.

If the BSI accepts the Evaluation Technical Report, you will receive the desired certificate. By doing so, you simultaneously undertake to monitor the product for potential new security vulnerabilities and to provide appropriate updates. The certification is valid for 2 years.

  

Checklist: You will need these documents

   Security Target (approx. 10 pages)
   Architecture overview (operating system, main components, libraries used)
   Description of the update mechanism
   Description of the cryptographic functionality (protocols, parameters, libraries)
   Instructions for secure configuration (Secure User Guide)

Why we are a strong partner for you

Expertise

With us you have one of the leading experts in the field of cyber security at your side, certified by the BSI as an IT security service provider for IS revision, IS consulting and penetration tests.

Industry experience

Due to many years of experience in different branches of industry we can serve companies from a wide range of industries.

Everything from one source

Whether you need GAP analysis, support services, CSC auditing or CSC certification, we are your one-stop provider for all the services you need.

Tailor-made for you

We focus on individual services - and solutions - that optimally fit your current company situation and your set goals.

International network of experts

Around the globe: We consult and support you both nationally and internationally. Our global network of experts is ready to help you in word and deed in all IT security issues.

Independence

Our employees are not subject to any conflicts of interest, as they are not committed to any product suppliers, system integrators, stakeholders, interest groups or government agencies.
You have questions? We are pleased to help!
Gerald Krebs Global Account Manager
Alexander Padberg Global Account Manager Cyber Security