Go To Content Go To Menu

Evaluation Facility for IT-Security

Our evaluation facility for IT security is one of only seven facilities accredited and licensed by the BSI since February 2005.

BSI Accreditation

Our evaluation facility for IT security  is one of only seven facilities approved and licensed by the BSI since February 2005.

BSI-accredited facility for IT security according to  Common Criteria (CC)

BSI-accredited facility for IT security according to Common Criteria (CC)

Performance list

TOPIC

Services Evaluation Facility

Common Criteria

  • Consultations & workshops  concerning the certification process
  • Creation of CC documents
  • Common Criteria evaluation of protection profiles (e.g. Smart Meter Gateway)
  • Evaluation of products according to EAL 2+
  • Evaluation of locations according Site Security Target

IT security concepts & expertise

  • DIN ISO 27001
  • BSI IT Grundschutz

Smart Metering

  • Consulting Smart Meter Gateways: architecture, technology, PKI
  • Compliance test TR-03109-1 SMGW (as soon as available)

Analysis for Vulnerability

  • Penetration test from “outside”
  • “White-box testing” from inside
  • Recommendations

Interoperability Tests

  • IPsec testing laboratory (for the European automotive industry)

Cash register systems / Cash registers

  • Consulting on BSI TR-03153 & BSI TR-03151 (SE-API)
  • Testing of technical safety equipment for electronic recording systems according to BSI TR-03153-TS

Deposit systems

  • Evaluation of the IT security of deposit take-back systems in accordance with DPG requirements

Gambling machines

  • Security reports for Gambling machines

Services of our Evaluation Facility for IT Security

Topic:

Cash register systems / Cash registers

Electronic recording systems such as computer-aided cash register systems or cash registers must protect every business transaction requiring recording with the aid of a technical security device (TSE) certified by the BSI in accordance with § 146a of the Fiscal Code. To this end, the BSI has drawn up binding specifications for the TSE in the form of protection profiles and technical guidelines.

MTG accreditation area BSI TR-03151 / BSI TR-03151-TS

MTG accreditation area BSI TR-03151 / BSI TR-03151-TS

Our services on this subject are:

  • Consulting for the creation of security targets (ST) according to "SMAERS-PP": BSI-CC-PP-0105 "Common Criteria Protection Profile Security Module Application for Electronic Record-keeping Systems".
  • CC evaluation of "SMAERS" applications according to "SMAERS-PP
  • Consulting on the Technical Guidelines BSI TR-03153 "Technical Safety Device for Electronic Recording Systems
  • Consulting on the Technical Guideline BSI TR-03151 "Technical Guideline BSI TR-03151 Secure Element API (SE API)" (BSI TR-03151)
  • Conformity testing of technical safety equipment for electronic recording systems according to the test specification BSI TR-03153-TS as a prerequisite for certification of the TSE by the BSI.
Topic:

Smart Metering

For Gateway Administrators (GWA) and External Market Participants (EMT)

  • Consulting and support for ISO 27001 certification of GWA or EMT
  • Consulting for the implementation of the requirements of BSI TR-03109-6 "Smart Meter Gateway Administration" as a prerequisite for certification as GWA
  • Advice on the definition of GWA processes
  • Advice on Smart Metering PKI requirements for GWA and active or passive EMT
  • Creation of safety concepts for passive EMTs

For Smart Meter Gateway Manufacturer (GWH)

Gateway manufacturers have to certify their product according to BSI protection profile "BSI-CC-PP-0073" based on Common Criteria and according to technical guide-line "BSI TR-03109-1".

  • Consulting and/or evaluation of the SMGW (accompanying development) according to SMGW-PP
  • Conformity testing or evaluation of the SMGW according to TR-03109-1 as soon as the corresponding test specifications have been published by the BSI

For Sub-CA operators within the Smart Metering PKI (SM-PKI)

The operation of a sub-CA within the SM-PKI must be certified according to BSI TR-03145-1 (Secure CA operation, Part 1) and meet the requirements of the Certificate Policy of the SM-PKI.

  • Consulting and support for the ISO 27001 certification of the Sub-CA operator
  • Consulting in the definition of Sub-CA processes according to TR-03145-1 and their support through the use of suitable certificate management software (e.g. MTG Metering-CA)
  • Support in the certification process according to BSI TR-03145-1
  • Support in fulfilling the requirements of the SM-PKI Certificate Policy
  • Creation of the Sub-CA Certificate Policy
Topic:

Gambling machines

Gambling machines must be approved by the PTB (Physikalisch Technische Bundesan-stalt). For this purpose, the PTB has also formulated requirements for the tamper resistance of gambling machines in a Technical Guideline. With the application for approval, a manufacturer of gaming machines must submit an expert opinion from a testing laboratory recognised by the BSI to the effect that the gaming machine complies with the PTB guidelines.

Our services on this subject are:

  • Advising device manufacturers on the IT security requirements for gambling devices from the Technical Guideline
  • Preparation of the safety report in accordance with the Technical Guideline for Money Play Equipment for Manipulation Security as a prerequisite for PTB approval of the type of construction
Topic:

Deposit systems

Counting centre operators for the return of depositliable one-way drinks packaging must be certified by the DPG (Deutsche Pfandsystem GmbH). In addition to the inspection of the mechanical components of counting centres, the IT inspection is also part of the certification.

Our services on this subject are:

  • General advice on the DPG requirements for the IT security of counting centers
  • Examination and documentation of the IT security of take-back systems for returnable single-use drinks packaging subject to deposit in accordance with the requirements of the DPG as a prerequisite for certification

 

Downloads & Links

What can we do for you?

For further information feel free to contact us!

Lädt …