SP/1 Version 12 TÜV Certified as Trusted Product
-
16.07.2024Kay Andorf

Like the previous main versions of symmedia SP/1, Version 12.0.0 has been tested by TÜViT and awarded the “Trusted Product” certificate.
symmedia SP/1 thus continues to meet the product-specific security requirements as well as the requirements according to Security Assurance Level SEAL-3. The validity of the certificate is from Jan. 18, 2024 to Jan. 18, 2026 and for all future minor versions within the major version 12.
The test contains all criteria according to SEAL-LEVEL 3 of the “Trusted Product” test.
These include:
Technical safety requirements:
These must be clearly documented and verifiable, based on ISO/IEC 17007, and meet the specific product requirements.
Architecture and design:
The product must be comprehensibly structured, without conceptual weaknesses, and implement appropriate hardening and protection measures.

Development process:
A defined development lifecycle is required that includes phases such as planning, implementation, and maintenance, with special emphasis on vulnerability remediation and security testing.
Vulnerability analysis and penetration tests:
The product must be robust enough to pass penetration tests and have no exploitable vulnerabilities.

In addition to these testing areas, they also considered and checked further product-specific safety requirements:

Identification & Authentication
This aspect checks whether the product provides mechanisms for the secure identification and authentication of users or entities.
This means that only authorized users can access the system and that fake authentication data is detected and misuse is prevented. This increases the security and integrity of the data and prevents unauthorized access.

Restricted, role-based (RBAC), Access Control
Role Based Access Control (RBAC) is an access rights management system in which users are granted access to resources based on their roles in the organization. It helps to enforce security policies by ensuring that only authorized users can access certain data or applications. RBAC is important because it simplifies the management of user rights, reduces the risk of unauthorized access and supports compliance requirements.

Secure Transport Encryption
This check concerns the encryption of data during transmission via networks, e.g. using SSL / TLS. The implementation of secure transport encryption ensures that sensitive information is protected against interception and manipulation during transmission.
SP/1 version 12 is based on the latest version of transport encryption, TLS version 1.3.
With the support of TLS version 1.3, the product supports the encryption standard according to IT basic protection and the recommendations of the Federal Office for Information Security (BSI) for cryptographic procedures (see: here)
Our customers benefit from increased confidentiality and integrity of their data during transmission, which minimizes the risk of data misuse or manipulation.

Data Flow Control
This aspect checks whether the product has implemented mechanisms to control and monitor the data flow. This includes, for example, checking and filtering incoming and outgoing data to ensure that only authorized data from approved connections is transmitted and potentially harmful or unwanted data is blocked.
The advantage for the customer lies in the improved control over the data flow, which increases the security and integrity of the data and reduces the risk of data breaches.

Logging / Audit Trail
This check relates to the implementation of logging and audit trail mechanisms that enable activities in the system to be logged and monitored.
This allows user activities to be tracked and monitored, which increases transparency and helps to detect security incidents or compliance violations.
Prologging is used here, a procedure in which log entries are provided with hash values, making it more difficult to manipulate log data, which increases integrity and improves the reliability of system monitoring.
Customers benefit from improved traceability and can effectively investigate and respond to security incidents, which increases the overall security of the system.
We are happy to support you in your update processes. Our consulting team will be happy to answer any further questions you may have.
