BSPA Evaluation


The Baseline Security Product Assessment (BSPA) is a certification scheme developed by the Nationaal Bureau voor Verbindingsbeveiliging (NBV) that is part of the Dutch intelligence and Security Service (AIVD). AIVD is therefore the operator of the scheme.

Logo rijksoverheid svg

The goal of this scheme is to provide a framework in which products can be tested in a limited timeframe (and cost) against a baseline of security requirements (Government security baseline). Products can include both hardware and software components that are used in the sensitive, but unclassified domain. Under Dutch internal legislation, governmental institutions need to demonstrate compliance against the BIO norm, including for the IT products they use in their work environment. The BSPA scheme was designed specifically to fulfil this need. Therefore the BSPA scheme is attractive for Dutch governmental bodies, but also for product manufacturers who are interested in obtaining a security specific certificate for their products.

Various types of products can be evaluated and certified under the BSPA scheme. The scope includes the following categories:


Product category

Examples

Network security

VPN, link encryption, Wi-Fi access point, etc.

Network filtering, detection and response

IDS, firewall, SSL proxy, etc.

Secure messaging

Secure mail, secure chat-app, secure voice-call-app etc.

Media and file security

Full disk encryption, container encryption, file encryption, data erasure, etc.

Identity and access management

Password manager, key­ management and distribution, two-factor authentication, access control and federation, etc.

Secure OS execution environment

Secure-OS, secure-hypervisor, micro-kernel, separation kernel, etc.

Hardware and embedded software

HW-based encryption, HW-based secure-boot, USB device, keyboard (KVM-) switch, smart-meter, tamper resistant device, etc.

Smart cards and similar devices

Secure ICs, JavaCards, transportation/access cards, etc.


Fact sheets

BSPA

Overview of BSPA and our services.

Download fact sheet file_download
Secura Contact Shape
Partners of Secura

Cybersecurity is more than technology alone. Secura collaborates with partners in compliance and risk management, integrated application security, privacy, IT- and internet law and certification.