Update on the German Scheme Bundesamt für Sicherheit in der Informationstechnik (BSI) (Federal Office for Information Security) September 25, 2007 Irmela Ruhrmann Head of Division Certification, Approval and Conformity Testing Gereon Killian Head of Certification Body
Update on the German Scheme
Bundesamt für Sicherheit in der Informationstechnik (BSI)
(Federal Office for Information Security)
September 25, 2007
Irmela Ruhrmann, Head of Division Certification, Approval and Conformity Testing
Gereon Killian, Head of Certification Body
Irmela Ruhrmann / Gereon Killian September 25, 2007 Slide 2
The Federal Office for Information Security (BSI) was established by the German Parliament in 1991. § 3 of the Act on the Establishment of the BSI, dated 17.12.1990 (Federal Law Bulletin I p. 2834), defines the tasks of BSI.
BSI Certification
Legal basis of BSI certification:
BSI Certification Ordinance (BSI ZertV)
Act on Establishment of BSI (BSIG: December 1990)
Decrees of the Federal Minister of the Interior (e.g. handling of cryptographic problems)
Schedule of Costs (BSI-KostV)
BSI Certification
1989: Green Book of BSI
1991: Information Technology Security Evaluation Criteria (ITSEC)
1999: Common Criteria (CC) V2.1 - Standard ISO/IEC 15408
2004: Common Criteria (CC) V2.4 - ASE/APE Trial Use Version
2005: CC V3.0 Trial Use Version
2005: Common Criteria (CC) V2.3 - Standard ISO/IEC 15408
2006: CC V3.1 approved by the CC Management Committee (MC) in September 2006
[Cover images shown on the slide: "Kriterien für die Bewertung der Sicherheit von Systemen der Informationstechnik (ITSEC)" (Criteria for the Evaluation of the Security of Information Technology Systems), June 1991; "Common Criteria for Information Technology Security Evaluation, Part I: Introduction and general model", Version 2.0, May 1998, CCIB-98-026]
History
IT-SECURITY CRITERIA
German Certification Scheme
Supported by:
- accredited evaluation facilities
- licensed auditors
- international committees for criteria development and harmonisation, and for mutual recognition
Customer, User, Operator
Product Certificates:
- confirm product-specific security functionality and quality (CC/PP)
- confirm system interoperability and functional aspects (TR)
ISO 27001 Certification in compliance with BSI Baseline Protection
In the BSI Certification Scheme, ISO 27001 certification in compliance with BSI Baseline Protection and Product Certification are intended to be complementary.
A BSI Certificate confirms functioning and effective IT security management.
[Diagram labels: ISO 27001 / BSI IT Baseline Protection; BSI as Federal Office for Information Security; Product Certification; BSI-Certificate; BSI TR]
German Certification Scheme
BSI Accreditation - Evaluation Facilities (1)
CC and/or ITSEC ITSEFs:
- Atos Origin GmbH
- atsec information security GmbH
- brightsight bv (former TNO-ITSEF BV)
- CSC Deutschland Solutions GmbH
- datenschutz nord GmbH
- DFKI (German Research Institution for Artificial Intelligence) GmbH
- media transfer AG
- secunet SwissIT AG
- SRC Security Research & Consulting GmbH
- Tele-Consulting security | networking | training GmbH (TC)
- T-Systems GEI GmbH
- TÜV Informationstechnik (TÜVIT) GmbH
- Industrieanlagen-Betriebsgesellschaft mbH (IABG) (only ITSEC)
German Certification Scheme
BSI Accreditation - Evaluation Facilities (2)
BSI TR 03104 (ePass production data acquisition, quality check and data transmission):
Fraunhofer Institut für Angewandte Optik und Feinmechanik
Certification requirements according to the EU Directive: specified in "Generic Security Targets" in conformity with the Common Criteria Protection Profile concept; evaluation level ITSEC E3 high or Common Criteria (CC) EAL 4+
German Certification Scheme
Important Certification Projects (3)
PP on Software for protection of personal video data - Closed Circuit Television (CCT)
Electronic Voting PPs (CC V2.3 / CC V3.1)
PP for USB-data storage devices
Mobile Synchronization Services PP
Security IC Platform Protection Profile (CC V3.1)
Other Recent Protection Profile Developments
German Certification Scheme
ISO 9001: certification according to industry rules; the QM system of the Certification Body (CB) has been certified
Site Certification: introduction into the German scheme in the 4th quarter of 2007
Guidance for Developer’s Documents
Update of Scheme Interpretations for CC V3.1 ongoing
Important Projects inside the BSI Certification Scheme
German Certification Scheme