BSPA | Assessment for BIO compliance

Use our Baseline Security Product Assessment (BSPA) Service to demonstrate compliance of your products against the Dutch BIO Framework (Baseline Informatiebeveiliging Overheid).

BSPA Certification Scheme for BIO compliance

The Baseline Security Product Assessment (BSPA) is a certification scheme developed by the Nationaal Bureau voor Verbindingsbeveiliging (NBV) that is part of the Dutch intelligence and Security Service (AIVD). It is specifically designed to demonstrate compliance against BIO.

The goal of BSPA is to provide a framework in which products can be tested in a limited timeframe against limited cost. This certifications scheme is suitable for hardware and software components that are used in the sensitive, but unclassified domain.

The scope of BSPA includes:



Network security

VPN, link encryption, Wi-Fi access point, etc.

Network filtering, detection and response

IDS, firewall, SSL proxy, etc.

Secure messaging

Secure mail, secure chat-app, secure voice-call-app etc.

Media and file security

Full disk encryption, container encryption, file encryption, data erasure, etc.

Identity and access management

Password manager, key­ management and distribution, two-factor authentication, access control and federation, etc.

Secure OS execution environment

Secure-OS, secure-hypervisor, micro-kernel, separation kernel, etc.

Hardware and embedded software

HW-based encryption, HW-based secure-boot, USB device, keyboard (KVM-) switch, smart-meter, tamper resistant device, etc.

Smart cards and similar devices

Secure ICs, JavaCards, transportation/access cards, etc.

Fact Sheets & White Papers


BSPA Assessment for BIO Compliance

Overview of BSPA and our services. Fact Sheet


More Information

Would you like to learn more about our BSPA Service? Please fill out the form below, and we will contact you within one business day.



Secura is a leading cybersecurity expert. Our customers range from government and healthcare to finance and industry worldwide. Secura offers technical services, such as vulnerability assessments, penetration testing and red teaming. We also provide certification for IoT and industrial environments, as well as audits, forensic services and awareness training. Our goal is to raise your cyber resilience.

Secura is a Bureau Veritas company. Bureau Veritas (BV) is a publicly listed company specialized in testing, inspection and certification. BV was founded in 1828, has over 80.000 employees and is active in 140 countries. Secura is the cornerstone of the cybersecurity strategy of Bureau Veritas.