When digitising processes and applications with high confidentiality requirements, careful examination of the information security of the IT hardware that processes sensitive information is a prerequisite. Originally stemming from military reconnaissance, the use of electromagnetic radiation has long since found its way into the repertoire of intelligence services and organised crime. In addition to public institutions of all kinds, commercial enterprises are also at risk from this form of illegal and covert information gathering.

The BSI has developed methods to check the suitability of IT hardware for processing confidential information and to counteract threats from electromagnetic effects. This helps to secure electronic communications for confidential government business and also reduces the attack surface for government contractors.

To ensure the availability of radiation-tested devices to a scalable level for the entire federal administration, the BSI works with expert partners from industry. These manufacturers produce IT devices that are tested by the BSI in terms of their conformity to relevant national and international regulations and, if they pass, are approved with regard to their emissions properties. Known as the TEMPEST approval, this is embedded in the overall package of CI approval and is required according to Section 57 of the VSA if classified information of the classification levels VS-VERTRAULICH (classified -- confidential) and higher are to be processed electronically.

The following pages explain the threat and show which countermeasures are suitable and necessary for effective prevention.