Qualified DDoS protection: Myra fulfills all 37 BSI requirements

MYRA NEWS | 28 July 2021

The German Federal Office for Information Security (BSI) has updated its overview of qualified DDoS mitigation service providers. Myra Security is once again listed as one of the leading providers that fulfills all 37 performance criteria.

From 24/7 support to ISO 27001 certification

As the national government agency for IT security, the BSI counts among its key responsibilities advising and supporting operators of critical infrastructure (KRITIS) on how to secure their IT systems. As a guide, and following a multistage and competition-neutral selection process, the Federal Office has created a List of Qualified DDoS Mitigation Service Providers that can help to prevent DDoS attacks or assist in the case of major attacks.

The performance requirements listed by the BSI cover the areas of service offerings, general information on the service provider, and attack and filtering options. The individual criteria range from 24/7 accessibility to requiring that data centers in Germany have ISO 27000 certification.

Other examples of the criteria include:

  • DDoS filter to protect common services (web, email, VPN, and DNS)

  • Provision of services also to organizations that are not existing customers

  • Recognition of human users/use of CAPTCHAs

  • Traffic diversion using DNS/BGP

  • Optional traffic diversion in case of an attack

  • Handling of encrypted connections

  • Two-factor authentication for user platforms

Myra offers highly certified quality

Beyond all 37 basic BSI performance requirements, Myra has many more quality features to show. For example, Myra technology is additionally certified by the BSI to the standard ISO 27001 based on IT-Grundschutz. Only 121 companies worldwide have received this certification. All our certifications were carried out in this country and apply to infrastructures in Germany.

As a specialist provider for sensitive sectors such as critical infrastructure, healthcare and the financial industry, it goes without saying that Myra fulfills the same stringent IT security requirements as our customers. That’s why Myra regularly has itself audited by independent testing organizations. Most recently, we again demonstrated our KRITIS competence in a voluntary audit. The audit, which lasted several days, showed that Myra had successfully implemented all the comprehensive protective measures – for example, with regard to IT compliance, business continuity management and ISMS – and fulfilled the security standards in accordance with Section 8a of the BSI Act (BSIG).

Our certifications at a glance

  • BSI qualified: The BSI catalog contains 37 wide-ranging requirements for DDoS protection providers to qualify for critical infrastructure protection. As one of the leading providers, Myra fulfills all 37 criteria.

  • ISO 27001 based on IT-Grundschutz (IT baseline protection): This exacting form of ISO 27001 confirms Myra’s successful implementation of comprehensive measures to protect the company’s IT. Our information security management system (ISMS) ensures the confidentiality, availability, and integrity of all information at the highest level.

  • PCI DSS certified: This certification allows us to securely process over 10 billion euros in credit card transactions annually via Myra’s infrastructure in accordance with the Payment Card Industry Data Security Standard. Not only are we “PCI DSS compliant,” we also have five fully “PCI DSS certified” sites.

  • BSI C5 (in progress): With the C5 attestation, Myra will demonstrate that our cloud services meet all minimum information security requirements in accordance with the BSI Cloud Computing Compliance Criteria Catalog (BSI C5). Customers can use the C5 attestation report as a basis for conducting their own risk analysis.

  • Trusted Cloud in accordance with the Federal Ministry for Economic Affairs and Energy (BMWi): Myra fully satisfies all of the requirements for transparency, IT security, data protection, and legal security associated with the Trusted Cloud label. Our customers can be sure that the confidentiality and security of their data are maintained.

  • Compliant with GDPR and the IT Security Act (IT-SiG)
