In accordance with the BSI Act and the BSI-ZertV (BSI Certification and Accreditation Ordinance), the (BSI) Federal Office for Information Security is tasked with performing certifications for information technology products or components and information technology systems.

To perform these tasks, the BSI operates certification programmes, which respectively define and describe the rules (applicable scopes, needs-based testing criteria, requirements and records), the process itself as well as management activities for performing the certification.
Products are certified in response to an application for certification.The prerequisite for a certification is a technical evaluation according to the security criteria or technical guidelines published in the certification programme.

The procedure is described in the document Process description for the certification of products [PD Products] and is supplemented by the following requirements documents:

• Requirements for applicants for the IT security certification of products, protection profiles and sites [CC Products]
• Requirements for applicants for the certification of products according to technical guidelines [TR Products].
• The "Directories" document includes the main breakdown for all references (main list of current documents) as well as a glossary.
• The "Certification Mark Ordinance" lists the conditions of use for all mark users for the respective marks used for certification and accreditation.

Warranty of Assurance

Within the scope of type approval testing, the product certification confirms that a product version fulfils specific functional and security properties, which are specified in protection profiles, security targets or Technical Guidelines. The assurance level ("trustworthiness") of the personnel at the product developer and manufacturer itself is a prerequisite for the product certification process, however, and cannot be verified by the BSI. In this context, a manufacturer or a producer may opt to issue a self-declaration - such as to a procurement department, for example. The BSI supports such activities by providing a template for a corresponding Vertrauenswürdigkeitszusicherung.