What are the BSI’s missions?
BSI: The BSI’s mission can be summed up in a single sentence: we make Germany resilient to cyber threats and make security a factor for success in digitalization. The BSI delivers BSZ certification, which allows solution publishers to have their product’s security level validated by an independent body.
What does BSZ certification involve?
BSI: The BSI’s IT security certification follows a three-partner model: in addition to the manufacturer as the applicant for certification and the BSI as the certification body, an independent IT security evaluation facility (ITSEF) oversees evaluating the product to be certified. Applicants must therefore both guarantee the security of their product and formally document the product’s security perimeter.
Obtaining BSZ certification involves three phases: an application phase, an assessment phase, and a decision phase. During the application and preparation phase, the applicant provides the documentation, and the certification body verifies the product’s compliance with the prerequisites for BSZ certification. The evaluation phase begins with a joint kick-off meeting between the three parties involved, during which the evaluation body (ITSEF) runs a series of compliance and penetration tests.
Finally, based on the evaluation report, the BSI makes a certification decision.
Jürgen Bauer: HarfangLab had already carried out a similar exercise by obtaining ANSSI CSPN certification in 2020 and 2024.
While the procedures are relatively similar, representing cooperation between France and Germany to create as much convergence as possible, passing BSZ certification requires consistent compliance with rigorous security standards and monitoring. The standards cover a variety of aspects, spanning the control and traceability of open-source components integrated into solutions, cryptographic robustness, and the accuracy of instructions given to users to ensure the security of their use. BSZ certification tests not only the intrinsic security of the certified solution, but also all the processes and practices put in place to guarantee this security over time.
What does this BSI certification mean for HarfangLab users?
BSI: BSZ certification focuses on the risks targeting digital solutions. It is a demanding procedure, but also a streamlined one, designed to reduce the duration of individual certification procedures and make them more predictable. BSZ certification includes a series of compliance tests and penetration tests that aim to confirm both the product’s compliance with certification requirements and its resistance to attacks. By certifying digital solutions, we can identify and correct any vulnerabilities at an early stage, thereby strengthening IT security. A BSZ certificate is valid for two years, unless new vulnerabilities are discovered in the meantime. To extend the validity of a BSZ certificate, a new certification is required.
J.B.: From the moment we designed our EDR, we have focused on developing a high-performance platform. This performance has enabled us to gain the trust of our users, and it has been validated by the certifications we have obtained in France by the ANSSI and now in Germany by the BSI. In short, this BSI certification once again attests to our commitment to meeting the most stringent security standards. For our users, it ensures that they can build their cyber stack independently while relying on a state-of-the-art platform.