What is BSI approval?

Data in motion is vulnerable

Cyberattacks have a high cost – and not just from the loss of sensitive data. Reputational damage and regulatory penalties may have a much more harmful impact. Data in motion, for example information travelling between data centers or central offices, is especially vulnerable to malicious attacks. Layer 1 encryption, which is integrated into the DWDM transport equipment, has proven to be a robust and cost-efficient solution to secure data in motion. But how can companies be sure that the solution they buy can really secure their data and live up to its claims?

Data integrity assurance

Certified and approved Layer 1 encryption technology, compliant with the strictest regulatory requirements, is the most effective way to safeguard data in motion against unauthorized access.

As of today, our FSP 3000 is the only DWDM equipment that has achieved BSI approval.

Full data protection and performance

With 100% throughput and ultra-low latency, Layer 1 encryption is protocol-agnostic and protects data at all layers in the network stack with maximum performance.

Standards for security certification

There are several standards for security certification. They define the certification process, criteria, and evaluation methods to determine the fulfillment of particular security properties to a certain security level. For certification of Layer 1 encryption solutions, the most relevant standards are the Common Criteria for Information Technology Security Evaluation (CC) and the Federal Information Processing Standard 140-2, also known as FIPS 140-2. System vendors interested in obtaining a certificate of compliance up to a specific security level will perform the corresponding tests in a licensed laboratory. If tests are passed, the corresponding agency will issue a certificate. In Germany, the Common Criteria certification is issued by the German Office for Information Security (In German, Bundesamt für Sicherheit in der Informationstechnik or BSI).

Approval from the BSI ensures highest level of security

The BSI approval process has a holistic approach; it investigates not only the security of the product under evaluation but also the vendor’s processes.

BSI approval goes above and beyond

The BSI has defined a different and much more exhaustive evaluation process to allow a vendor’s system to transport German classified data. Furthermore, and contrary to Common Criteria certification, the BSI selects the vendors’ systems that will be tested and performs the tests in their own labs based on the demands of one or more federal agencies. Systems that successfully pass this evaluation process receive BSI approval for transport of classified data. FSP 3000 encryption cards have BSI approval to be used for the transport of German classified data up to the VS-V level, as shown in the BSI official website. This approval also allows the use of ADVA FSP 3000 equipment for the transport of EU and NATO classified data. As of today, the FSP 3000 is the only DWDM equipment that has achieved this level of BSI approval. This proves that ADVA’s solution offers the most robust and reliable Layer 1 encryption on the market.