The German Federal Office for Information Security (BSI) has updated its overview of qualified DDoS mitigation service providers. Myra Security is again listed as the only provider in the world that fully complies with all 37 enumerated performance requirements. Myra has thus remained the undisputed leader of the BSI comparison for years.

From 24/7 support to ISO 27001 certification

As the national government agency for IT security, one of the key responsibilities of the BSI is to advise and support operators of critical infrastructure (KRITIS) on how to secure their IT systems. As a guide, the Federal Office has, following a multistage and competition-neutral selection process, compiled a List of Qualified DDoS Mitigation Service Providers that can help to prevent DDoS attacks or assist in the case of major attacks.

The performance requirements listed by the BSI cover the areas of service offerings, general information on the service provider, and attack and filtering options. The individual criteria range from 24/7 accessibility to requiring that data centers in Germany have ISO 27000 certification.

Other examples of the criteria include:

  • DDoS filter to protect common services (web, email, VPN, and DNS)
  • Provision of services also for those who are not existing customers
  • Recognition of human users/use of CAPTCHAs
  • Traffic diversion using DNS/BGP
  • Optional traffic diversion in case of an attack
  • Handling of encrypted connections
  • Two-factor authentication for user platforms

Myra offers maximum certified quality

In addition to all 37 basic performance criteria stipulated by the BSI, Myra also offers many other quality features. For example, Myra technology is also certified by the BSI to the standard ISO 27001 based on IT-Grundschutz (IT baseline protection). Only 121 companies worldwide have received this certification, which is the highest of its kind. All of our certifications were received in this country and apply to our infrastructures in Germany.

As a specialist service provider for such sensitive sectors as critical infrastructure, healthcare, and the financial industry, it goes without saying that Myra meets the same stringent IT security requirements as our customers. Myra is therefore regularly audited by independent auditors. Most recently, we confirmed our competence in critical infrastructure again in a voluntary audit. The audit, which lasted several days, showed that Myra had successfully implemented all the comprehensive protective measures – such as those relating to IT compliance, business continuity management, and ISMS – and complied with the highest security standards in accordance with Section 8a of the BSI Act (BSIG).

Our certifications at a glance

  • BSI leader: The BSI catalog contains 37 far-reaching requirements for DDoS protection providers to qualify for the protection of critical infrastructure. Myra is the world’s first and only provider to fulfill all 37 criteria.
  • ISO 27001 based on IT-Grundschutz (IT baseline protection): This exacting form of ISO 27001 confirms Myra’s successful implementation of comprehensive measures to protect the company’s IT. Our information security management system (ISMS) ensures the confidentiality, availability, and integrity of all information at the highest level.
  • PCI DSS certified: This certification allows us to securely process over 10 billion euros in credit card transactions annually via Myra’s infrastructure in accordance with the Payment Card Industry Data Security Standard. Not only are we “PCI DSS compliant,” we also have five fully “PCI DSS certified” sites.
  • BSI C5 (in progress): With the C5 attestation, Myra will demonstrate that our cloud services meet all minimum information security requirements in accordance with the BSI Cloud Computing Compliance Criteria Catalog (BSI C5). Customers can use the C5 attestation report as a basis for conducting their own risk analysis.
  • Trusted Cloud in accordance with the Federal Ministry for Economic Affairs and Energy (BMWi): Myra fully satisfies all of the requirements for transparency, IT security, data protection, and legal security associated with the Trusted Cloud label. Our customers can be sure that the confidentiality and security of their data are maintained.
  • 100% compliant with GDPR and the IT Security Act (IT-SiG)
