IT Security Requirements and Conformity Assessment for the IT Security Label
IT Security Requirements and Conformity Assessment
Products, for which the IT Security Label shall be granted, must fulfil product category-specific IT security requirements. These products must be tested for conformity by the manufacturer itself or on behalf by a third party, e.g. a testing body of choice.
Find the current product categories, their IT security requirements and instructions for conformity assessment in the following table:
| Product category | IT security requirements | Conformity assessment |
|---|---|---|
| Broadband router | ETSI EN 103 848 in conjunction with ETSI TS 103 928 | Test specification ETSI TS 103 928 |
| E-mail services | BSI TR-03108 | Test specification BSI TR-03108-2 |
| Mobile Devices | BSI TR-03180 A | No additional test specification |
| Smart consumer devices | ETSI EN 303 645 in conjunction with ETSI TS 103 701 und BSI TR-03173 | Test specification ETSI TS 103 701 und BSI TR-03173 |
| Video conferencing services | DIN SPEC - „Basic Criteria Video Conferencing Services“ | Video Conferencing Services - Technical Specification und Conformity Assessment |
Prepare for the Cyber Resilience Act with the IT Security Label
The existing security requirements of the IT Security Label will gradually align with the security objectives of the EU Cyber Resilience Act (CRA), enabling manufacturers to start integrating them into their product development now. With the IT Security Label, manufacturers can prepare for the upcoming regulation while simultaneously building trust in their products. Together with industry and society, the BSI will further develop the security requirements of the label in the context of the CRA. The feedback gained from this process could potentially serve as guidance for harmonized standards or implementation recommendations at the European level. Learn more
Conformity assessment bodies
In case you prefer to have the conformity assessment carried out by a conformity assessment body, please find below a list of service providers who offer such assessments.
NOTE: The following service providers have approached the BSI with a request to be published on this website. We are happy to comply with this request to inform potential applicants for the IT Security Label, but would like to point out that the listing is not associated with any recommendation or quality statement by BSI (in particular no recognition or certification). The BSI takes no responsibility for the information provided by the service providers or their work.
| Conformity assessment body | Product category | Contact |
|---|---|---|
BaySec - Bayerische Gesellschaft für Cybersicherheit mbH Münchner Allee 13C |
| Web: https://bay-sec.de E-Mail: anfrage@bay-sec.de |
SRC Security Research & Consulting GmbH Emil-Nolde-Str. 7 |
| Web: E-Mail: |
BDO Cyber Security GmbH Am Waldschlösschen 2 |
| |
| cetecom advanced GmbH Im Teelbruch 116 45219 Essen Germany |
| Web: E-Mail: |
TÜV Informationstechnik GmbH Am TÜV 1 |
| Web: |
secuvera GmbH Siedlerstraße 22-24 |
|
E-Mail: |
Obering, Berg & Lukowiak GmbH Löhner Straße 157 |
|
E-Mail: |
VdS Schadenverhütung GmbH Postfach 103 753 |
| Web: E-Mail: |
| adfidetia GmbH Elisabeth-Selbert-Str. 1 40764 Langenfeld Germany |
|
E-Mail: |
| SITS Deutschland GmbH (AV-TEST) Klewitzstr. 7 39112 Magdeburg Germany |
|
E-Mail: |
TÜV SÜD Product Service GmbH Ridlerstr. 65 |
|
E-Mail: |
sapiens42 GmbH Rosenstraße 1 |
| Web: E-Mail: |
VDE Prüf- und Zertifizierungsinstitut GmbH Merianstraße 28 |
| |
Nemko GmbH Reetzstraße 58 |
|
E-Mail: |
Bureau Veritas Borsigstraße 11 |
|
E-Mail: |
OpenSource Security GmbH Am Bahnhof 3-5 |
| Web: E-Mail: |
SGS Digital Trust Services GmbH Mälzereigasse 4 |
| Web: E-Mail: |
Regarding placement or deletion from this list, please contact us at it-sicherheitskennzeichen@bsi.bund.de .
