The Certification of IT products and systems in Germany is based on the "Act on the Establishment of the Bundesamt für Sicherheit in der Informationstechnik (BSI)" dated 17 December 1990. Rules for the implementation of certification are provided in the "Ordinance on the Procedure for Issuance of a certificate", in the "BSI Schedule of Costs" and various decrees issued by the Federal Ministry of the Interior.
At present, BSI has accredited and licensed, in accordance with ISO/IEC 17025, thirteen Evaluation Facilities (ITSEF) to perform evaluations within the Scheme.
As far as security policies are concerned, the Digital Signature Law is one of the few areas, where Common Criteria (CC) evaluations and certifications are required in Germany. Also, based on an EU-Directive, CC certificates are required for components of Digital Tachographs. CC certificates will increasingly be required for specific government applications (e.g. health sector). The actual requirements are specified by developing appropiate Protection Profiles.
In the BSI Scheme, a large variety of products have been certified. This concerns software and hardware products or combinations of both. One area of particular importance is the certification of smartcard components.
The BSI signed the Common Criteria Recognition Arrangement (CCRA) when it was established in May 2000 as one of the qualified Certification Bodies.
Program title: German scheme and a report about recent developments in the German IT Security maTitlerket.