BSZ - discovered, explained
Fast, plannable, less effort: the lightweight alternative to CC certification
With the Fixed-time cybersecurity certification (BSZ), you can prove the security statement of your IT product with an independent certificate. BSZ focusses on the security robustness of your IT product. Through a combination of evaluations and penetration tests, you objectively prove that your product fulfils the specified security performance.
The “Beschleunigte Sicherheitszertifizierung” (BSZ) enables manufacturers to prove the security statement of their IT product with an independent certificate. The objective confirmation ensures the highest possible level of trust in the IT device among end customers.
BSZ is a certification procedure of the German Federal Office for Information Security (BSI) and is based on a combination of conformity tests relating to the security performance of a product and penetration tests, which put the effectiveness of the technical security measures to the test.
General network components and embedded IP networked devices:
In the future, product categories with standardised specifications for technically comparable products are planned, which will also simplify the decision on the certifiability of specific products.
The security target (ST) describes the security functionality of the product to be evaluated, the interfaces, the threat model, the cryptographic mechanisms and the (expected) environment of the evaluation object. The document must be created by the applicant. This is the main basis for the subsequent evaluation.
The structure and specifications for the content of the ST are described in the AIS B1 document of the BSI can be found.
The final report is always prepared by our experts individually and in an easily understandable way (no automatic generation) and contains at least the following information:
The certification is valid for 2 years. During this time, the manufacturer undertakes to monitor the product for potential new security vulnerabilities and to provide corresponding updates.