Skip to searchSkip to main content
  • _csp_www_brightsight_com_contact-us
Brightsight

  • BSI

    Bundesamt für Sicherheit in der Informationstechnik

    CC & BSZ & IT-Sicherheitskennzeichen

SGS Digital Trust Services GmbH, part of Brightsight by SGS, is accredited by the BSI as a testing laboratory for Common Criteria and other security certifications.

Bundesamts für Sicherheit in der Informationstechnik (BSI).

Common Criteria

Brightsight can perform Common Criteria Evaluations up to highest EAL in the scope of Smartcards and similar devices.

So far, SGS has already experience with the following Protection Profiles:

  • BSI-CC-PP-0084 - Security IC Platform Protection Profile
  • BSI-CC-PP-0059 - Protection profiles for secure signature creation device - Part 2: Device with key generation
  • BSI-CC-PP-0075 - Protection profiles for secure signature creation device - Part 3: Device with key import (version 1.0.2
  • BSI-CC-PP-0099 - Java Card System – Open Configuration Protection Profile
  • BSI-CC-PP-0101 - Java Card System – Closed Configuration Protection Profile
  • BSI-CC-PP-0117 - Secure Sub-System in System-on-Chip (3S in SoC) Protection Profile

BSZ

The Beschleunigte Sicherheitszertifizierung (BSZ) Program in BSI is a lean approach to certification of IT products. The aim of the BSZ is to make the duration of the individual certification procedures relatively small and in particular plannable and to keep the effort for product manufacturers manageable.

The program is promoted as lightweight Common Criteria by BSI, and implements the European Standard EN 17640 Fixed-time cybersecurity evaluation methodology for ICT products. The evaluation follows a risk-driven approach that establishes a high level of trust in the security statements.

The BSZ currently offers certifications in the following scopes:

  • General network components and embedded IP-connected products
  • Highspeed connector (HSK) for the telematics infrastructure
  • Components in the Home Area Network (HAN) of the Smart Meter Gateways (SMGW)

As BSZ is compatible with the fixed time approach according to EN 17640 (FIT CEM), it is targeted for harmonization under the Cybersecurity Act.

Germany’s BSI and France’s ANSSI mutually recognize CSPN and BSZ certificates with possible exemptions. Alignment with the EN 17640 Fixed Time approach supports progress toward a harmonized EU-wide certification scheme under the Cybersecurity Act.

IT Security Label

The BSI grants the IT Security Label to digital products and services that are designed according to recognized security standards. The label is therefore an important purchase argument for consumers and a market advantage for manufacturers.

Manufacturers and providers of digital products and services can apply for it. With the label, they declare that they design their products according to basic IT security requirements, fix vulnerabilities and provide security updates.

Products and services that display the IT Security Label can be checked for compliance with the requirements by the BSI, by sampling or on an adhoc basis. The label informs consumers simply and transparently via QR code about the IT security of products and services.

Currently the following product categories have technical guidelines available:

  • Broadband router
  • E-Mail services
  • Mobile devices
  • Smart consumer devices
  • Smart security devices
  • Video conferencing services

The German IT Security Label is mutually recognized with Singapore and South Korea, enabling simplified certification procedures across these countries. Ongoing efforts aim to expand such international recognition further.