Catalogue of Security Requirements determined
Date of issue 2021.08.25
The Bundesnetzagentur has today determined the Catalogue of Security Requirements in agreement with the Federal Office for Information Security (BSI) and the Federal Commissioner for Data Protection and Freedom of Information (BfDI).
"The new requirements secure the telecommunications networks and protect them from threats,
" said Jochen Homann, Bundesnetzagentur President. "Our determinations are a crucial contribution to high information security in telecommunications networks.
"
"These determinations attain a very high level of technological security,
" said Arne Schönbohm, BSI President. "The way that the different authorities have worked together shows how successfully information security can be positioned in the digital transformation if it is taken into consideration from the start.
"
Implementing the IT-SiG 2.0
The security requirements were determined on the basis of new areas of competence conferred by the IT Security Act 2.0 (IT-SiG 2.0). The Catalogue of Security Requirements covers various potential risks and requires network operators and service providers to meet strict security requirements.
The determinations in the catalogue classed operators of public telecommunications networks for the first time as having an increased risk potential. They are subject to particular security requirements as set out in Annex 2 of the catalogue.
List of critical functions
Technological advances are also associated with the implementation of critical functions and a particular risk situation. The Catalogue of Security Requirements lists these functions, which are used to identify critical components in the networks. Critical components in the networks are particularly worthy of protection and subject to additional legal requirements, such as mandatory certification.
Critical functions include core network functions such as authentication, roaming and session management functions for end-users; data transport functions for end-user equipment; access policy management; registration and authorisation of network services; storage of end-user and network data; connection with mobile networks of third party providers and exposure of core network functions to external applications.
The Catalogue of Security Requirements and the list of the critical functions are available on the Bundesnetzagentur website at www.bundesnetzagentur.de/sicherheitsanforderungen.