The main point of focus for the three departments in the Directorate-General KM is the field of cryptosystems as well as IT management.

Commercial basic development work and IT security functions are audited by Dept. KM 1, 'Approval and provisioning of classified information (CI) and IT security systems', and Dept. KM IT- 2, 'Specification, development and testing of cryptosystems, classified information (CI) and IT security systems', on the basis of technical and cryptographic analyses. This approach enables the preparation of authoritative security statements (certifications) regarding the suitability of these cryptosystems for the electronic processing of classified information. This work in the field of classified information (CI) approval and evaluation is conducted in close cooperation with international partners in the EU and NATO.

Section KM 3, 'IT Management' is responsible for ensuring the availability of an IT working environment that meets the requirements as set out by the BSI, as well as the management of specialist IT procedures in the field of high-security applications In addition, support is also provided to the Federal Agency for Public Safety Digital Radio (BDBOS) by the maintenance and further development of the cryptographic components within the digital BD network.

Sections in the Directorate-General KM (KM)

Section KM 1 -- 'Approval and provisioning of classified information (CI) and IT security systems'

The core task of Section KM 1 consists of the approval and provisioning of IT security products for the electronic processing of classified information (CI) in the federal administration. The audits and security certifications necessary to do so are based on an approval scheme that is continuously adjusted to reflect current threat levels and requirements. Nor does this merely involve meeting national needs and requirements: coordination work is also required that is appropriate for complying with the evaluation methods and approvals criteria applicable at international level—i.e. within the EU and NATO. In a cross-sectional context, the department is also responsible for developing and updating a product provisioning strategy for classified information and selected IT security products. This takes the form of a continuous dialogue with customers and close cooperation with the federal administration's IT service providers.

Furthermore, Section KM 1 is also designing the key management for the publicly regulated service provided by the EU's GALILEO satellite navigation system.

Section KM 2 -- 'Specification, development and testing of cryptosystems, classified information (CI) and IT security systems'

Section KM 2 develops and tests IT security products for the electronic processing of classified information (CI). Examples of this work include cryptography hardware for encrypting data, security gateways for defending secure communication networks and secure IT workstations, as well as software products for e-mail and file encryption. One particular challenge is presented by the securing of mobile devices such as smartphones or tablets. In these cases, a lack of (adequate) security functions from commercial products must be rectified by the use of specially developed security software. Solutions provided by the BSI also provide orientation for non-agency users with special security requirements.

Cryptographic algorithms and their inclusion in protocol formats form the basis for many IT security functions. Developing and testing such algorithms is another of the Department's core activities.

Many products with IT security functions are developed by specialised companies in the IT security industry on their own initiative. In some cases, however, the Department initiates and finances special development projects for high-security applications required by the federal administration. In each case, these products are verified by independent testing laboratories and, if they pass, receive BSI approval for use in IT systems handling classified information.

Section KM 3 -- Cryptosystems and 'IT Management'

Staff in Section KM 3 work to ensure the availability of an IT working environment in the BSI that meets requirements and are also responsible for the management of specialist IT procedures with increased security requirements as well as high IT-security applications. Section KM 3 also provides support to federal agencies, especially the Federal Agency for Public Safety Digital Radio (BDBOS), as well as international clients, by the maintenance and further development of cryptographic components and the operation of centralised instances used for the management of cryptosystems. Pilot deployments of security solutions still under development are used to help ensure the maturity and evaluation of innovative IT security technologies during the formative process. In performing this work, the employees in Department KM 3 make a significant contribution to digitalisation in the field of high-security applications.

The Head of the KM Division is simultaneously the BSI's CIO.