BSI - Federal Ministry for Security in Information Technology
The German Federal Ministry for Security in Information Technology (BSI) is the country's top IT security authority. It started operating in 1991 and is located in Bonn.
The BSI's Legal framework consists of the law for the construction of the Federal Agency for Security in Information Technology, out of which the Law for Enforcing Security in Information Technology was developed in 2009. This law is still valid within the BSI today.
Tasks of the BSI Federal Ministry for Security in Information Technology:
The BSI is organized into 5 subdivisions: Division B (advice and coordination), Division C (cyber security), Division KT (crypto-technology), Division S (secure identities, certification and standardisation) und Division Z (central tasks).
Section 3 of BSI law defines its tasks as:
- defense against security hazards in information technology in Germany
- collation and analysis of security risks
- study of security risks and development of safety measures
- development of criteria and procedures for the checking and assessment of security in information technologies
- checking, assessment and distribution of security certificates, as well as confirming the comfortability of IT systems
- checking, assessment and approval of IT systems, which work with and transfer secret official information
- establishment of cryptographic and security management systems
- supporting, preparing and running technical checks
- developing technical security requirements the national information technology
- provision of IT security products for national positions
- supporting the police force, prosecuting authorities and protection of constitutional agencies and intelligence services
- providing advice and warning regarding technological security
- setting up appropriate communication structures for early detection of, reaction to and overcoming crises.
The BSI Federal Ministry for Security in Information Technology as a certifying authority
Under section 9 (1) of BSI law, the Federal Ministry for Security in Information Technology is designated as the national certifying authority for IT security in Germany. Details about the functions of the certifying authority are laid out in the "Procedures, handing out security certificates and the federal recognition of security in information technology (BSI certification and recognition regulations act" (BSIZertV).
See also: IT security
, common criteria