Renewal of the CSPN-BSZ mutual recognition agreement between ANSSI and BSI

On 15 May 2024, Vincent Strubel, Director General of ANSSI and his German counterpart from the BSI, Claudia Plattner, approved and signed in person the new version of the mutual recognition agreement for security certificates: CSPN and BSZ schemes.

Publish the 24 May 2024 Updated 01 August 2024
Renouvellement de l’accord de reconnaissance mutuelle CSPN-BSZ entre l’ANSSI et le BSI

 

On 15 May 2024, Vincent Strubel, Director General of ANSSI and his German counterpart from the BSI, Claudia Plattner, approved and signed in person the new version of the mutual recognition agreement for security certificates: CSPN (Certification de Sécurité de Premier Niveau) and BSZ (Beschleunigte Sicherheitszertifizierung or Accelerated Security Certification) schemes.

Initially signed in June 2022, the CSPN-BSZ mutual recognition agreement enables reciprocal recognition of this type of security certificates between France and Germany, thus avoiding assessments’ duplication. The agreement also provides for technical cooperation between the two agencies to promote harmonisation of practices harmonized practices, with the aim of minimising exceptions to the agreement.

.

Now based on the recently adopted European standard FiTCEM (Fixed Time Cybersecurity Evaluation Methodology for ICT products, EN 17640), this newest version represents a further step towards global harmonisation for this type of certification schemes. This renewal is in line with the eventual creation of a European certification scheme based on the Cybersecurity Act.

The Federal Office for Information Security (BSI) and the National Cybersecurity Agency of France (ANSSI) publish a new logo under the agreement for the mutual recognition of certificates based on the European standard EN 17640 "Timed Cybersecurity Evaluation Methodology for ICT Products" (FiT CEM). The logo will be visible from August 1, 2024, on new BSZ and CSPN certificates, the associated certification reports, and on the respective certificate list on the website of the issuing certification bodies.

The use of the logo will make it easier for certificate holders to indicate the recognition status and for parties interested in the certificate, such as product users, to verify it. It should be noted that certificates issued before August 1 will not be marked with the logo. The logo is intended solely for use by the issuing certification bodies.

ANSSI and BSI also publish the first application note for the recognition agreement. This note regulates the exceptions to the recognition of certain certificates for products in specific technical or regulatory areas. Certificates that are excluded from recognition by this application note will not be marked with the logo.

No similar agreement exists with any other ANSSI’s partners. This signature thus illustrates the strength of the cooperation between ANSSI and BSI, as well as the high level of trust between the two partners in terms of certification.

 

PDF
Application Note to the Mutual Recognition Agreement of Cybersecurity Evaluation Certificates