We are proud to announce that atsec Sweden is officially approved by BSI (German Federal Office for Information Security) as a laboratory for BSI-NESAS evaluations.
This achievement comes in addition to atsec Germany’s earlier approval, further strengthening atsec’s role as a trusted partner for telecom security certification.
With both our German and Swedish labs now approved, atsec can support vendors with independent Security Assurance Specification (SCAS) evaluations under BSI and GSMA schemes, helping ensure that telecom products meet baseline security requirements.
As of July 1 2025, BSI published a revised version (2.0) of its BSI NESAS certification scheme, aligning it with NESAS version 3.0 from GSMA. Key updates include:
- Renaming the scheme: The program is now officially titled BSI-NESAS, replacing the previous “NESAS CCS-GI” nomenclature.
- Adjusted testing scope: Assessments can now be limited to the threats mitigated by the network product. As a result, test cases that do not map to any mitigated threats may be omitted.
- Minimum list of test cases specified: The BSI now specifies which test cases must be included in each evaluation. Examples of these tests include TC_NO_UNUSED_SOFTWARE, TC_NO_UNUSED_FUNCTIONS, TC_BVT_PORT_SCANNING, TC_BVT_VULNERABILITY_SCANNING, TC_BVT_ROBUSTNESS_AND_FUZZ_TESTING.
- Introduction of a vulnerability assessment methodology: The evaluation facility must assess available information on vulnerabilities. The detailed assessment process is based on the methodology of the Common Vulnerability Scoring System (CVSS).
- Clarification of test environment requirements: Explanations are now provided that enable testing activities to be conducted outside the evaluation facility’s premises.
With these updates, BSI is providing clearer guidance on testing scope, required test cases, vulnerability assessments, and test environment requirements. The updated scheme allows evaluations to be both accurate and practical. atsec is well-positioned to support vendors in achieving mandatory certification requirements that will take effect from January 1 2026.
For more information about our NESAS services, please visit our website BSI-NESAS and GSMA NESAS.
