Go To Content Go To Menu
Close Menu
Search
Menu
Search

SERVICES

IT Security Evaluation Facility

MTG IT Security Evaluation Facility approved and licensed by the BSI

Services of the MTG IT Security Evaluation Facility - ITSEF

Prüfstelle IT-Sicherheit, Anerkennungsurkunde des BSI

Since February 2005, our ITSEF has been one of only eight IT Security Evaluation Facilities recognized by the BSI.

CC evaluation

Evaluation & Consulting According to Common Criteria

The Common Criteria for Information Technology Security Evaluation (Common Criteria or CC for short) is an internationally recognized standard for certifying IT products for data security. The CC is very flexible and can in principle be applied to all IT products. Government applications often require CC certification, but CC can also be used generally to provide security assurance for a product.

Before applying for a product certification according to Common Criteria, a recognized ITSEF must have been commissioned for the evaluation. In addition, in many cases it makes sense to commission a corresponding consulting service.

The MTG  IT Security Evaluation Facility has been a BSI-approved Evaluation Facility for Common Criteria evaluations since 2005. We offer evaluation and consulting services.

Our fields of expertise
  • Cryptography
  • Software
  • Technical safety equipment for cash register systems (TSE)
  • Smart Meter Gateways
  • Embedded Systems
  • IoT
  • Site certification according to CC

Info on Common Criteria:

Common Criteria Portal

Website "Common Criteria for Information Technology Security Evaluation"

Zertifizierung von Produkten: Zertifizierung nach CC/IT-Sicherheiskriterien

Webpage of BSI (in German language)

Evaluation according to BSZ - Accelerated safety certification

The BSI's Accelerated Security Certification (Beschleunigte Sicherheitszertifizierung, BSZ) enables vendors to have their security claims regarding a product confirmed by an independent certificate. Here, however, many aspects are based on the Common Criteria. The BSZ is compatible with the French CSPN and it is planned to have mutually recognize certificates between both countries.

A product that is to be certified according to BSZ must be in one of the scopes defined by the BSI. The following scopes are currently available:

Following scopes are currently available:
  • Network Devices
  • SMGW HAN components (in preparation)

Info on Evaluation according to BSZ

BSI - Beschleunigte-Sicherheitszertifizierung

Webpage of BSI (inGerman language)
Requirements for healthcare applications

Evaluation & consulting according to TR-03161-(1,2,3)

The Fifth Book of the German Social Law (SGB V §139e paragraph 10) states the following for digital health applications (DiGA):

„Das Bundesamt für Sicherheit in der Informationstechnik legt im Einvernehmen mit dem Bundesinstitut für Arzneimittel und Medizinprodukte … die von digitalen Gesundheitsanwendungen nachzuweisenden Anforderungen an die Datensicherheit … fest. Der Nachweis der Erfüllung der Anforderungen an die Datensicherheit durch den Hersteller ist spätestens ab dem 1. Januar 2023 unter Vorlage eines Zertifikates … zu führen.“

(Original legal text)

There is a similar regulation (SGB XI §78a paragraph 7) for digital care applications (DiPA):

„(7) Das Bundesamt für Sicherheit in der Informationstechnik legt im Einvernehmen mit dem Bundesinstitut für Arzneimittel und Medizinprodukte … die von digitalen Pflegeanwendungen … zu gewährleistenden Anforderungen an die Datensicherheit fest.“

(Original legal text)

The MTG  IT Security Evaluation Facility is currently setting up testing operations for the TR-03161 and the application for recognition has already been submitted to BSI.

Info on TR-03161:

Sozialgesetzbuch, Fünftes Buch - Gesetzliche Krankenversicherung

Gesetze im Internet (in German Language)

Sozialgesetzbuch, Elftes Buch - Soziale Pflegeversicherung

Gesetze im Internet (in German Language)

BSI - Technische Richtlinien TR-03161

Webpage of BSI (in German Language)
Technical safety devices of cash register systems

Evaluation & consulting according to TR-03153

Section 146 a (1) of the German Tax Law stipulates that electronic cash register systems may only be operated with a certified "technical security equipment" (TSE). In concrete terms, this means that the TSE must be certified in accordance with Common Criteria and, on the other hand, TR-03153 in order to obtain an operating license.

The MTG IT Security Evaluation Facility is the first in Germany to be approved by the BSI for testing in accordance with TR-03153 and has already accompanied many certification procedures for various customers.

Info on TR-03153

BSI - Technische Richtlinien TR-03153

Webpage of BSI (in German language)
HAN components for connecting to a smart meter gateway

Evaluation & consulting according to TR-03109-5

For example, the German Regulation for Heating Cost Accounting (HeizkostenV) provides the following in §5 paragraph 2:

„Ab dem 1. Dezember 2022 dürfen nur noch solche fernablesbaren Ausstattungen installiert werden, die sicher an ein Smart-Meter-Gateway … unter Beachtung des in Schutzprofilen und technischen Richtlinien des Bundesamtes für Sicherheit in der Informationstechnik niedergelegten Stands der Technik nach dem Messstellenbetriebsgesetz angebunden werden können.“

(Original legal text)

It is also possible that other devices will fall under similar regulations in the future.

The MTG ITSEF is currently setting up testing operations for TR-03109-5 and the application for recognition has already been submitted. In addition, we will also offer evaluations for the associated scope in the "Accelerated Safety Certification" (see BSZ).

Info on TR-03109-5

BSI - Technische Richtlinen, TR-03109-5

Webpage of BSI ( in German language)

Verordnung über Heizkostenabrechnung - HeizkostenV

Gesetze im Internet ( in German language)

What can we do for you?

For further information feel free to contact us!

pruefstelle@mtg.de+49 6151 8000-0