How does the BSI certification of the technical security system (TSS) work?

Johannes Ferner

CEO

9/30/20201 min read

Johannes is a visionary fintech leader and popular speaker at industry events. As the driving force behind fiskaly, he propels our mission to simplify fiscalization with innovative, compliant solutions.

What is a protection profile?

The BSI (Federal Office for Information Security) specifies in protection profiles which technical requirements must be met in order to achieve the objective of the KassenSichV. The security profiles describe security objectives and requirements according to the security functions of the components. However, the product-specific specification is made by the manufacturer. tse_smaers_csp-schaubilder-zertifizierung

How is the certification of the technical security system (TSS) carried out?

The CSP-L and the SMAERS components are certified independently of each other. In the process, the compliance of the components with the protection profiles is checked by an evaluator (a company accredited by the BSI). The evaluation report is then forwarded to the BSI for review.

With a positive conclusion, the components each receive a certificate. Finally, the components in the network (= technical security system) are tested by the TR test. If the TSS is correct and implemented according to the applicable requirements, it is certified.

When evaluating the SMAERS component, there are strong synergies with the TR test, i.e. the TR test can only be passed positively if the SMAERS component has also been positively evaluated. Therefore, after receiving the SMAERS certificate, the final TSS certification can be expected soon. The BSI issues the certification, which must be renewed every five years.