Section SZ 1 -- Standardisation, Certification Principles and Oversight

Section SZ 1 consolidates the activities from the Directorate-General SZ that are not directly related to the day-to-day business of handling certification processes. These include activities such as the attestation and certification of testing laboratories or IT security service providers, for example, as well as the personnel who are needed to perform the certification processes in section SZ 2. Section SZ 1 is also responsible for handling the underlying committee and coordination work, where this affects the further development of certification standards in a European and an international context. Other points of focus for the department's work include the coordination of the BSI's standardisation activities, cooperation in procedures involving the Foreign Trade and Payments Act, as well as IT-Grundschutz.

Section SZ 2 -- Certification Processes

The technical execution of certification processes is handled by Section SZ 2. The individual teams here are specialised in specific types of procedure as well as product areas. For more detailed information about the various certification processes that are available, please see the topic page 'Certification and attestation'.

Section SZ 3 -- Cyber Security in Mobile Infrastructure and Chip Technology

A long-term topic of particular interest for the BSI is ensuring the secure design of 5G/6G infrastructure in Germany. Within the BSI, ensuring this cyber security goal can be achieved is a task assigned to the new section SZ 3, 'Cyber Security in Mobile Infrastructure and Chip Technology', which is currently being set up. The work of this new section will focus not only on the development of the technical foundation and security requirements in relation to the new 5G/6G infrastructure but also the completion of regular audits in order to ensure compliance with relevant BSI specifications. In this context, the BSI will work to certify relevant network components, for example, and exert a corresponding market oversight authority. Other activities will include the provisioning of chip-based eID technologies for mobile application areas as well as issuing corresponding IT security indicators.