The modular NoSpamProxy suite for email security is the first and so far only email security product to be certified by the German Federal Office for Information Security (BSI) in accordance with the Accelerated Security Certification (BSZ) procedure. The BSI is the federal government’s cyber security authority and an important driving force for IT security in the economy and, in particular, at all levels of public administration.
Accelerated security certification (BSZ) with real attack scenarios and pentests
The certification of NoSpamProxy by the BSI was carried out according to the Accelerated Security Certification (BSZ) procedure, which, in contrast to other certifications, includes intensive testing with real attack scenarios and penetration tests. Previously, only hardware-based products, so-called security appliances, were certified within the BSZ framework. At the initiative of Net at Work, a security product that is delivered as software based on Windows Server and is available as an on-premises and cloud solution was tested for the first time in a pilot procedure. The test focused in particular on the administration module (NCC) and the core modules Protection and Encryption.
Test laboratory finds no vulnerabilities
The certification was based on NoSpamProxy Server, which is developed on a shared code base with the cloud version of NoSpamProxy. After extensive and time-consuming testing by the test laboratory, no vulnerabilities were found. The certification by the BSI thus provides potential users with a clear and comprehensible representation of the security performance of the product used, a reliable statement about its resilience and a guarantee that they will be provided with security updates from the manufacturer over a defined period of time in the event of newly identified vulnerabilities.
Independent specialists test cryptographic functions and procedures
At the BSZ, complete products are tested in a typical application scenario and in a secure configuration specified by the manufacturer. In this case, the implementation of the cryptographic functions and procedures used in the product were also examined for errors and vulnerabilities by the BSI-approved testing body secuvera, an independent IT security specialist with a recognized high reputation. The test thus confirms the actual provision of the promised security.
„As a manufacturer from Germany, we are very pleased that NoSpamProxy Server was the first product for email security to be successfully certified by the BSI according to BSZ. It provides our customers – especially in the public administration of federal, state and local authorities – with transparency and independent confirmation of the high security standards that NoSpamProxy offers. Our product combines low effort for users and administrators with the highest security performance, making it the first choice for administrations and companies that have to meet the increased requirements of the NIS2 directive coming in October 2024.“
The certificate, the certification report and other accompanying documents can be viewed at https://www.nospamproxy.de/en/bsz.
Comprehensive information about the Accelerated Security Certification and a list of all BSZ-certified products can be found on the BSI website.
*) NoSpamProxy Server version 14.0.5.62 was used for the BSZ test and the issued certificate, test report and other documents from the BSZ refer to this version.
Not yet using NoSpamProxy?
With NoSpamProxy you can reliably protect your company from cyber attacks. Request your free trial version now!