Go To Content Go To Menu


Evaluation Facility for IT Security

Our evaluation facility for IT security approved and licensed by the BSI

Services of our Evaluation Facility for
IT Security

Our evaluation facility for IT security is one of only eight facilities approved and licensed by the BSI since February 2005.

BSI Certificate of approval for MTG Evaluation Facility for IT Security

BSI Certificate of approval for the MTG Evaluation Facility for IT Security


Common Criteria

The Common Criteria for Information Technology Security Evaluation (CC) is an international standard (ISO/IEC 15408) for testing and evaluating the security characteristics of IT products.

Our services on this subject are:
  • Consulting & workshops on the certification process according to Common Criteria in the German scheme according to the BSI specifications
  •     Advice on the creation of CC documents such as:
     - Security Target (ST)
     - Functional Specification (FSP)
     - TOE Design Specification (TDS)
     - TOE Security Architecture (ARC), etc.
  •     Evaluation of protection profiles (e.g. Smart Meter Gateway)
  •     Evaluation of IT products according to EAL 2+ (e.g. Cisco Catalyst Switch)
  •     Site evaluation according to Site Security Target

Cash register systems / Cash registers

Electronic recording systems such as computer-aided cash register systems or cash registers must protect every business transaction requiring recording with the aid of a technical security device (TSE) certified by the BSI in accordance with § 146a of the Fiscal Code. To this end, the BSI has drawn up binding specifications for the TSE in the form of protection profiles and technical guidelines.

Our services on this subject are:
  • Consulting for the creation of security targets (ST) according to "SMAERS-PP": BSI-CC-PP-0105 "Common Criteria Protection Profile Security Module Application for Electronic Record-keeping Systems"
  • CC evaluation of "SMAERS" applications according to "SMAERS-PP
  • Consulting on the Technical Guidelines BSI TR-03153 "Technical Safety Device for Electronic Recording Systems
  • Consulting on the Technical Guideline BSI TR-03153
  • Conformity testing of technical safety equipment for electronic recording systems according to the test specification BSI TR-03153-TS as a prerequisite for certification of the TSE by the BSI

Smart Metering

For Gateway Administrators (GWA)
and External Market Participants (EMT)

  • Consulting and support for ISO 27001 certification of GWA or EMT
  • Consulting for the implementation of the requirements of BSI TR-03109-6 "Smart Meter Gateway Administration" as a prerequisite for certification as GWA
  • Advice on the definition of GWA processes
  • Advice on Smart Metering PKI requirements for GWA and active or passive EMT
  • Creation of safety concepts for passive EMT

For Smart Meter Gateway Manufacturer (GWH)

Gateway manufacturers have to certify their product according to BSI protection profile "BSI-CC-PP-0073" based on Common Criteria and according to technical guide-line "BSI TR-03109-1".

  • Consulting and/or evaluation of the SMGW (accompanying development) according to SMGW-PP
  • Conformity testing or evaluation of the SMGW according to TR-03109-1 as soon as the corresponding test specifications have been published by the BSI

For Sub-CA operators within the Smart Metering PKI (SM-PKI)

The operation of a sub-CA within the SM-PKI must be certified according to BSI TR-03145-1 (Secure CA operation, Part 1) and meet the requirements of the Certificate Policy of the SM-PKI.

  • Consulting and support for the ISO 27001 certification of the Sub-CA operator
  • Consulting in the definition of Sub-CA processes according to TR-03145-1 and their support through the use of suitable certificate management software (e.g. MTG Metering-CA)
  • Support in the certification process according to BSI TR-03145-1
  • Support in fulfilling the requirements of the SM-PKI Certificate Policy
  • Creation of the Sub-CA Certificate Policy

Gambling machines

Gambling machines must be approved by the PTB (Physikalisch Technische Bundesanstalt). For this purpose, the PTB has also formulated requirements for the tamper resistance of gambling machines in a Technical Guideline. With the application for approval, a manufacturer of gaming machines must submit an expert opinion from a testing laboratory recognized by the BSI to the effect that the gaming machine complies with the PTB guidelines.

Our services are:

  • Advising device manufacturers on the IT security requirements for gambling devices from the Technical Guideline
  • Preparation of the safety report in accordance with the Technical Guideline for Money Play Equipment for Manipulation Security as a prerequisite for PTB approval of the type of construction

Deposit systems

Counting center operators for the return of deposit liable one-way drinks packaging must be certified by the DPG (Deutsche Pfandsystem GmbH). In addition to the inspection of the mechanical components of counting centers, the IT inspection is also part of the certification.

Our services on this subject:

  • General advice on the DPG requirements for the IT security of counting centers
  • Examination and documentation of the IT security of take-back systems for returnable single-use drinks packaging subject to deposit in accordance with the requirements of the DPG as a prerequisite for certification



Analysis of Vulnerabilities

IT systems are becoming more and more complex. Installation and/or configuration errors as well as their complex communication relationships using public networks often open up security-relevant attack possibilities. Vulnerability analyses aim to identify these mostly business-critical attack potentials and to derive recommendations for action to defend against them from the results.

Our services on this subject are:

  • Penetration test from "outside
  • "White Box" tests from the inside
  • Development of recommendations for action

Downloads & Links

What can we do for you?

For further information feel free to contact us!

Lädt …