Navigation and service

BSI - Federal Office for Information Security (Link to homepage)

Beschleunigte Sicherheitszertifizierung (BSZ)

A fixed-time cyber security certification scheme

Fixed-time cyber security certification

Schwarz weiße Abbildung eines stilisierten Burgturms mit drei Zinnen und Fenster im Turm.

The cyber security certification of IT products enables manufacturers to have their security statements regarding a product independently confirmed. The Beschleunigte Sicherheitszertifizierung (BSZ) Program in BSI is a lean approach to certification of IT products. The aim of the BSZ is to make the duration of the individual certification procedures relatively small and in particular planable and to keep the effort for product manufacturers – especially in the field of documentation – manageable.

The BSZ implements the European Standard EN 17640 Fixed-time cybersecurity evaluation methodology for ICT products (FiT CEM). The evaluation follows a risk-driven approach that establishes a high level of trust in the security statements.

Scope

Standards und Kriterien

The BSZ shall be carried out within scopes where there may be specific requirements for both the products, the manufacturer’s documents and the evaluation. The BSZ offers certifications in the following scopes:

  • General network components and embedded IP-networked devices
  • Highspeed connector (HSK) for the Telematik infrastructure

International recognition

Zwei Flaggen Deutschland - Frankreich

There is an agreement between the BSI and the French ANSSI for the mutual recognition of certificates of the CSPN and the BSZ, initially limited to two years. In principle, all CSPN certificates in Germany by the BSI and all BSZ certificates in France are recognised by the ANSSI. However, certificates may be exempted from recognition if, for example, they are subject to specific national regulation or if there are other reasons.

For the time being, the exemption from recognition concerns certificates in the area of Smart Metering (ANSSI-CSPN-Note-04), in the area of Cloud (ANSSI-CSPN-Note-06) and in the field of mobile apps (ANSSI-CSPN-Note-08). As part of the further harmonisation and parallel development of CSPN and BSZ agreed in the Agreement, work is being made to reduce these exemptions. The area of Network Probes (ANSSI-CSPN-NOTE-05) is no longer exempted from recognition and the respective CSPN certificates are recognised by the BSI.

Compatibility with the Fixed Time Approach (FiT CEM) provides a basis for European integration into future CSA schemes.

Contact information

If you have any other questions about BSZ, we will be happy to help. You can contact us using the information below at any time:

Federal Office for Information Security
Department SZ 33
P.O. Box 20 03 63
53133 Bonn, Germany
Telephone: 0800 247 1000
Fax: +49 (0) 228 99 9582-5455
bsz@bsi.bund.de

Public key for bsz@bsi.bund.de

Key-ID: F8AC ACB2 8E44 EE41
Fingerprint: BE8F 4E28 9741 D35D 492F 22DA F8AC ACB2 8E44 EE41

More Information

Back to Certification of products

Short URL:
https://www.bsi.bund.de/dok/bsz-en