(3) Federal communications technology as referred to in this Act shall mean information technology
operated by one or more federal authorities or on behalf of one or more federal authorities and used for
communication or data exchange among federal authorities or between federal authorities and third
parties. Communications technology of federal courts, where these do not perform administrative tasks
under public law, and of the Bundestag, the Bundesrat, the Federal President and Germany’s Supreme
Audit Institution shall not constitute federal communications technology, where these authorities have
exclusive responsibility for its operation.
(4) Federal communications technology interfaces as referred to in this Act shall mean security-relevant
gateways within federal communications technology and between this technology and the information
technology of individual federal authorities, groups of federal authorities, or third parties. This shall not
apply to components at the network gateways which the courts and constitutional bodies referred to in
subsection 3 second sentence are responsible for operating.
(5) Harmful software as referred to in this Act shall mean software programs and other information
technology routines and processes intended to use or delete data without authorization or intended to
interfere with other information technology processes without authorization.
(6) Security gaps as referred to in this Act shall mean characteristics of software programs or other
information technology systems which third parties can use to gain unauthorized access to other
information technology systems or to interfere with the function of information technology systems.
(7) Certification as referred to in the Act shall mean the determination by a certification authority that a
product, process, system, protection profile (security certification), person (personal certification) or a
provider of IT security services fulfils certain requirements.
(8) Protocol data as referred to in this Act shall mean control information of an information technology
protocol for transferring data which is transmitted independently of the content of communication or
stored on the server involved in the communication process and which is necessary for communication
between sender and recipient. Protocol data may contain traffic data in accordance with Section 3 no. 30
of the Telecommunications Act (TKG) and user data in accordance with Section 15 (1) of the Telemedia
Act (TMG).
(9) Data traffic as referred to in this Act shall mean data transmitted using technical protocols. Data traffic
may contain telecommunications content in accordance with Section 88 (1) of the Telecommunications
Act and user data in accordance with Section 15 (1) of the Telemedia Act.
table of contents
Section 3
Tasks of the Federal Office
(1) The Federal Office shall promote the security of information technology. To do so, it shall perform the
following tasks:
1. prevent threats to the security of federal information technology;
2/10