Beschleunigte Sicherheitszertifizierung (BSZ)

A fixed-time cybersecurity certification scheme following EN 17640

Fixed-time cybersecurity certification

Schwarz weiße Abbildung eines stilisierten Burgturms mit drei Zinnen und Fenster im Turm.

The cybersecurity certification of IT products enables manufacturers to have their security statements regarding a product independently confirmed. The Beschleunigte Sicherheitszertifizierung (BSZ) Program in BSI is a lean approach to certification of IT products. The aim of the BSZ is to make the duration of the individual certification procedures relatively small and in particular planable and to keep the effort for product manufacturers – especially in the field of documentation – manageable.

The BSZ implements the European Standard EN 17640 Fixed-time cybersecurity evaluation methodology for ICT products (FiT CEM). The evaluation follows a risk-driven approach that establishes a high level of trust in the security statements.

Scope

The BSZ shall be carried out within scopes where there may be specific requirements for both the products, the manufacturer’s documents and the evaluation. The BSZ offers certifications in the following scopes:

General network components and embedded IP-networked devices
Highspeed connector (HSK) for the Telematik infrastructure
Components in the HAN of the SMGW

International recognition

Stilisierte Brücke mit dem Begleittext fixed time certification — Logo for the mutual recognition of BSZ and CSPN certificates

There is an agreement between the BSI and the French ANSSI for the mutual recognition of certificates of the CSPN and the BSZ, initially limited to two years. In principle, all CSPN certificates in Germany by the BSI and all BSZ certificates in France are recognised by the ANSSI. However and accordingly to the article 3 of the agreement, certificates may be exempted from recognition if, for example, they are subject to specific national regulation or if there are other reasons. Those exemptions are listed in the Application Note "Exemptions from Recognition".

The new logo for the mutual recognition of BSZ and CSPN certificates will be used starting August 1st, 2024. It increases the visibility of recognized certificates and makes it easier to verify the recognition status. The logo may only be used by the issuing certification authorities.

Compatibility with the Fixed Time Approach (FiT CEM) provides a basis for European integration into future CSA schemes.

Certification of critical components

Hand und Stempel mit dem Aufdruck "Regulations".

TR-03163 "Security in Telecommunications Infrastructure" names BSZ as an approved scheme for the certification of critical components in telecommunications networks. Information on approved certification schemes for critical components in telecommunications networks with increased risk potential as well as instructions for selecting a suitable certification scheme are provided by the Technical Guideline TR-03163 „Sicherheit in TK-Infrastrukturen“.