KORTHEXkorthex.flowence.cc

Compliance / BSI

BSI Cryptography Compliance (TR-02102)

The BSI channel carries 16 rules curated from BSI TR-02102-1, the German federal office's cryptographic recommendations: key-size floors, approved hashes and modes, and quantum-safe hybrid guidance. Rules are tagged against BSI TR-02102 and NIS2, so one finding serves both the German baseline and the EU directive.

What TR-02102 requires

  • RSA and discrete-log systems: at least 3000 bit
  • Elliptic-curve cryptography: at least 250 bit
  • Hashes: SHA-256 or stronger; MD5 and SHA-1 out
  • Authenticated encryption modes over bare CBC / ECB
  • Quantum-safe hybrid key exchange recommended for new systems
  • TR-02102-2 applies the same logic to TLS configuration

The Korthex BSI channel

16 hand-curated rules from TR-02102-1, second in the authority priority order, re-checked on the 24-hour cycle and shipped as signed updates. Because BSI co-carries the NIS2 tag with ANSSI, EU critical-infrastructure operators activate exactly these two channels to grade against the directive's state-of-the-art expectation.

Beyond the baseline: Grundschutz evidence

TR-02102 defines the numbers; IT-Grundschutz building block CON.1 demands the documented Kryptokonzept around them. The BSI IT-Grundschutz deep dive covers how the CBOM serves as the living inventory annex to that concept.

Frequently asked questions

How does the BSI channel relate to IT-Grundschutz?

The channel grades algorithms against TR-02102-1. IT-Grundschutz (CON.1 Kryptokonzept) is the process framework around it; the dedicated Grundschutz page covers the evidence workflow.

Does the BSI channel help with NIS2?

Yes. BSI rules carry the NIS2 framework tag (alongside ANSSI), so findings translate directly into NIS2 state-of-the-art evidence for critical-infrastructure operators.

Are reports available in German?

Reports are in English; every finding carries the TR-02102 reference regardless of language, and German requirement identifiers are preserved verbatim.