PRESS RELEASE
Secura is recognized as a licensed laboratory for the Baseline Security Product Assessment (BSPA) program
August 2018
Secura is recognized by the General Intelligence and Security Service as a licensed laboratory to perform evaluations within the Baseline Security Product Assessment (BSPA) program. The recognition is granted on the successful completion of a pilot evaluation project.
The BSPA is a product assessment scheme managed by the Netherlands National Communications Security Agency (NLNCSA) aka Nationaal Bureau voor Verbindingsbeveiliging (NBV), a cyber-defense business unit of the Dutch Intelligence and Security Service (AIVD). The BSPA scheme provides a framework where products can undergo a basic security assessment in a constrained time frame and with limited resources with maximum of 25 man-days. The scheme is a response to the growing demand for secure commercial products that adhere to the Baseline Informatiebeveiliging Rijksdienst (BIR: 2017 up to BBN2) that governmental organizations have to comply with.
“We are pleased to be licensed by the AIVD to provide BSPA services,” said Erwin Jansen, Manager Service Line Certification Services and Advisory & Audit at Secura. “In this way we can help our customers throughout the whole process of the BSPA evaluation, starting from a preparatory stage, continuing with the testing itself and of course supporting the full certification process.”
Secura also provides BSPA pre-validation in order to assess the product on readiness for official BSPA evaluation. This announcement reconfirms the role and responsibility of Secura to test against defined security specifications in a limited timeframe and have the expertise necessary to evaluate the product in question. Erwin adds: “BSPA is another great example how a framework and further standardization can help the industry to move forward and evaluate products in a defined, structured and consistent way.”
As result of the BSPA process, Secura generates the Evaluation Technical Report (ETR), including the evaluation results and conclusions. Together with the ETR, we produce a draft of the Deployment Advisory (DA) for your product, which NLNCSA will review. The recommendations in this DA for the users is the primary benefit of the BSPA. The DA includes a Statement of Conformity (SoC) to the Security Evaluation Target (SET). The BSPA Statement of Conformity for your product is a demonstration of its security capabilities. Obtaining the Statement of Conformity could lead to a considerable market advantage for manufactures, especially in case of targeting the Dutch market. For government agencies, this Statement of Conformity gives a clear indication about the evaluated security features compared to the Security Evaluation Target (SET) and that the evaluated product complies to the BIR up to BBN2.
For more information and questions about the BSPA process, please contact Erwin Jansen, Manager Service Line Certification Services and Advisory & Audit: erwin.jansen@secura.com.
Please also refer to our dedicated BSPA paper for more details.