BSI - Federal Ministry for Security in Information Technology
The German Federal Ministry for Security in Information Technology (BSI) is the top authority for questions on IT security. It started operating in 1991 and is located in Bonn.
The BSI's Legal framework comprises of the law for the construction of the Federal Agency for Security in Information Technology, out of which the Law for Enforcing Security in Information Technology was developed in 2009. This law is still valid within the BSI today.
Tasks of the BSI Federal Ministry for Security in Information Technology:
The BSI is organised in 5 subdivisions: Division B (advice and coordination), Division C (cyber security), Division KT (crypto-technology), Division S (secure identities, certification and standardisation) und Division Z (central tasks).
Under § 3 of BSI law, the tasks of BSI are defined as:
- defence against security hazards in information technology in Germany
- collation and analysis of security risks
- study of security risks and development of safety measures
- development of criteria and procedures for the checking and assessment of security in information technologies
- checking, assessment and distribution of security certificates, as well as confirming the comfortability of IT systems
- checking, assessment and approval of IT systems, which work with and transfer secret official information
- establishment of cryptographic and security management systems
- supporting, preparing and running technical checks
- developing technical security requirements for the national information technology
- provision of IT security products for national positions
- supporting the police force, prosecuting authorities, protection of constitution agencies and intelligence services
- advice and warning in security technology questions
- setup of appropriate communication structures for early detection of, reaction to and overcoming crises.
The BSI Federal Ministry for Security in Information Technology as certifying authority
Under § 9 (1) of BSI law, the Federal Ministry for Security in Information Technology is defined as the national certifying authority for IT security in federal administrations. The details of the functions of the certifying authority are laid out in the "Procedures, handing out security certificates and the federal recognition of security in information technology (BSI certification and recognition regulations act" (BSIZertV).
See also: IT Security
, Common Criteria