A Layer-2-Encryptor (L2E) is a product type used to implement secure exchange of sensitive data between trusted networks via potentially insecure networks at Network Layer 2. In this context, "trusted network" as defined in this document means that such a network is suitable and approved for processing VS-NfD classified data.

The confidentiality of the sensitive data to be transmitted during transmission at Network Layer 2 is ensured by its encryption. For an L2E, as defined here in this CI-RP, it is also required that it protects the integrity of the sensitive data to be transmitted. Furthermore, the authenticity of the communication partners between whom the sensitive data is transmitted must be guaranteed.

Download BSI-VS-AP-0010-2021

Download BSI-CI-RP-0010-2021 (english Version)