The BSI (Federal Office for Information Security) specifies which technical requirements have to be met in order to achieve the goal of the KassenSichV. Firstly, through the technical guidelines for the TSS and secondly through the protection profiles for SMA (Secure Module Application) and CSP (Crypto Service Provider).
The BSI specifies the requirements to be met by the TSS manufacturer. A company accredited by the BSI (evaluator) validates the implementation of the product.
Evaluators are the certified test centres for evaluation according to the Common Criteria specifications. In Germany, there are seven evaluation bodies that have been accredited by the BSI and are allowed to carry out this examination:
- atsec information security GmbH
- Deutsches Forschungszentrum für Künstliche Intelligenz (DFKI) GmbH
- MTG AG
- secuvera GmbH
- SRC Security Research & Consulting GmbH
- T‑Systems International GmbH
- TÜV Informationstechnik GmbH
The BSI certification comes into play only after the evaluation is completed. Here, the BSI confirms that the system of the technical security system has been correctly implemented in accordance with the applicable regulations.