The BSI Technical Guideline "Secure Broadband Router" (BSI TR-03148) defines basic security requirements for common consumer broadband routers used in the small office and home office (SOHO) sectors, i.e. in private households or micro-enterprises. Router manufacturers are the primary addressee of the recommendations given in the TR-03148. Nevertheless, providers and end users also find valuable information about the state of the art in the TR-03148 (e.g. in the context of a new purchase).

The aim of the Technical Guideline is to define an appropriate level of IT security for consumer devices. This serves to protect the consumer’s IT infrastructure and data, but also to prohibit misuse of these devices to the detriment of third parties (e.g. in the form of DDoS attacks as part of a botnet).

Protective shield and gateway

Today's routers are relatively powerful integrated systems and have the potential to defend themselves successfully against cyber-attacks. As the interface between the internet and private networks, they are particularly important. At best, they fulfil the function of a protective shield in both directions. At worst, they serve as a gateway for attackers and as a starting point for further cyber attacks.

To prevent this, the Technical Guideline formulates concrete requirements for the interfaces and functionalities of a router in order to generate and guarantee a minimum level of IT security for routers.
By complying with these requirements, IT security on the internet can be strengthened in the long term, which ultimately benefits all consumers and providers of services on the internet.

The Technical Guideline is deliberately written in English. Hence, the implementation is easy for developers, who often operate internationally, and furthermore, the introduction of the Technical Guideline into an international discussion or even a harmonisation process in the future is also possible without any difficulty.

Current version

• BSI TR-03148 Secure Broadband Routers Version 1.2 (german version)
• BSI TR-03148-P: Test Specification Version 1.2 (german version)

Supplementary documents

To support the certification process, documents are also provided in editable form. One is an editable Implementation Conformance Statement (ICS), which is filled out by the applicant of a test. The other is a table that serves to document the implementation and the results of the individual test cases (testing procedures). Both documents are not normative in nature and are only intended to provide practical assistance for the application of the test specification.

• BSI TR-03148 Implementation Conformance Statement (ICS)
• BSI-TR-03148-P ICS and Test Documentation

IT Security Label

In addition to the certification procedure described below on this website, the TR is used as the underlying standard for the product category "broadband router" for granting the IT Security Label. Manufacturers and service providers can label their IT products with the IT Security Label of the BSI. By doing so, they guarantee that their products have certain security features.

On the BSI website, you can access general information for manufacturers on the IT Security Label as well as the documents for applying for an IT Security Label.

A list of IT Security Labels already granted in the product category "broadband router" is available online: List of issued IT Security Labels

Certification

The certification of a broadband router can provide independent proof of compliance with the requirements of the Technical Guideline. The test specification as well as the requirements for TR examiners described in the document " Kompetenzfeststellung: Programm im Bereich Technischer Richtlinien (TR) TR-Prüfer 2.9" form the basis for the certification.

Manufacturers who are interested in certifying their product can contact the BSI directly. Use the information and contact details on our page for product certification according to Technical Guidelines.

Competence assessment

The competency assessment is required if you want to act as an examiner for accredited testing laboratories or certified IT security service providers. Please find general information and contact details on our page on competency assessment and personal certification.

Please find the concrete requirements for TR auditors in the area of "Broadband Router" in the document Competency Assessment: Programs in the area of Technical Guidelines.