The Accelerated Security Certification Beschleunigte Sicherheitszertifizierung (BSZ) is a lightweight alternative to the CC-Certification. The BSI certifies the IT security of a device using the BSZ. The BSZ requires much less documentation and may be achieved in a shorter time period (typically 35 days). This results in less cost. But at the same time it does have less relevance as the CC.
The BSZ evaluates whether the vendor correctly implemented the promised security features in the product. Penetrationtest are used to check if these security features may be circumvented. In addition the manual and the used cryptographic algorithms are checks for correctness.
The user of a certified product receives a comprehensive and clear documentation of the security features. Additionally the vendor promises the user that known vulnerabilities will be fixed in a defined time period.
This BSZ process is currently (2020) being set up. The BSI calls for vendors to take part in the 2. Pilot.
We, the OpenSource Security GmbH, already accompanied the first pilot in 2018 together with two other companies. In the process we provided recommendations concerning the process to the BSI. Therefore we already have great experience with the process and the measures.
Currently there are no recognized labs for the BSZ process. We are currently applying for such a recognition. For this procedure we are looking for a vendor as a partner who would like to apply for the process in concert. You as a vendor would choose us as testing lab. Please contact us, if you are interested.