Is BSI approval the ultimate security guarantee?

What do we mean when we talk about security technology being “certified by the BSI”? And how is it that different to a technology being “BSI approved” for the transport of highly confidential and classified data? Let’s find out more about industry standards and data security.
Uli Schlegel

Is BSI approval the ultimate security guarantee?

In the face of new and ever-evolving threats to data in transport, enterprises, governmental organizations and financial institutions are having to deploy robust security solutions. They need encryption technology that can protect data in-flight without increasing latency and hampering throughput. Thankfully, there’s a way for operators to be sure they are using the most reliable encryption technology to safeguard sensitive data, and that's to select solutions with accreditation from key cybersecurity bodies.

Common Criteria

Like FIPS 140-2, Common Criteria (CC) is an internationally recognized security-product certification program. These security certifications are the standards that network operators look for when building or upgrading network infrastructure for data transport security. It shows that products have undergone testing and evaluation by an established third party. With seven security levels, the CC’s EAL scale provides a framework for operators to identify that a system provides the appropriate level of protection for the requirements of a specific application.

Vendors can make their own claims about the performance of their solution, but if it has CC certification, operators can be sure that hardware and software will perform in line with (or exceed) certain internationally agreed data security standards.

While other vendors have managed to achieve the lower levels of CC certification issued by the BSI, they haven’t necessarily undergone the depth of inspection necessary for BSI approval to carry confidential data.

CC certification and the BSI

Evaluations are performed by a licensed laboratory. If it’s passed, the national certification body will issue the corresponding CC certification. The BSI is Germany's federal office for information security and the body that awards CC certification in Germany.

One of the other roles of the BSI is to evaluate security products and systems and approve equipment for its various attributes so that it can be officially used in German government networks that carry classified information. This process involves not only scrutinizing the technology itself – including in-depth product lifecycle analysis and evaluation of the source code in an attempt to identify weaknesses – but also by looking closely at the vendor. The BSI evaluates the vendor’s R&D processes, its personnel systems, etc. By doing this, it can judge the security of a product in the context of the company behind it. 

Only one choice for highly confidential data

It’s really a misnomer to talk about BSI certification. While other vendors have managed to achieve the lower levels of CC certification issued by the BSI – proving that their encryption solutions do have a good level of security – they haven’t necessarily undergone the depth of inspection necessary for BSI approval to carry confidential data. 

ADVA is the only supplier to have gone further than the rest by achieving BSI approval to transport restricted data up to the German government’s VS-V level (classified) and NATO confidential level. This means we’re the only WDM transport technology vendor on the planet fully approved by the BSI to carry highly confidential German data. This is also key for transporting NATO data as well as classified communications between EU member states. And that’s what sets our Layer 1 solution apart from the competition. 

Nothing out there can match the proven security of our FSP 3000 ConnectGuard™ Optical encryption solution with its CC certification, FIPS 140-2 compliance and its BSI approval up to VS-V level. It delivers Layer 1 encryption, which is the most comprehensive form of data protection as it also safeguards all higher layer in the OSI stack. ConnectGuard™ Optical secures data in motion with minimal operational effort and the highest levels of performance. For network operators looking for state-of-the-art protection that meets the highest international independent standards, there’s still only one choice.

Related articles