BSI TR-02102-2
BSI TR-02102-2 ("Cryptographic Mechanisms: Use of Transport Layer Security (TLS)") is the companion guideline to TR-02102-1. Where Part 1 covers cryptographic primitives in general, Part 2 focuses specifically on securing data in transit with TLS — mandating protocol versions, cipher suites, certificate handling, and session parameters for connections in the German healthcare and government sectors.
Integration with azuma nori
TR-02102-2 provides the network-security bedrock referenced by broader frameworks such as BSI TR-03161. When nori evaluates transport-security controls, it draws on the TR-02102-2 constraints to decide whether a codebase's TLS configuration is compliant.
Automated Evaluations
When azuma nori evaluates transport-security controls, the sub-agents analyze your project's
Wiki, dependencies, and configuration to verify:
- Approved Protocol Versions: Enforcement of TLS 1.2 or TLS 1.3, explicitly flagging any fallback to SSL or early/deprecated TLS versions.
- Vetted Cipher Suites: Use of recommended cipher suites and key-exchange mechanisms, with deprecated or weak suites flagged.
- Certificate Validation: Correct certificate-path and hostname validation, and checks that validation is not disabled or bypassed in code.
- Session Handling: Sound session and renegotiation settings in line with the guideline.
Providing Manual Evidence
Some transport-security assurances — such as network-appliance configuration, load-balancer or reverse-proxy TLS termination, or infrastructure-level policy — may not be fully visible in application source code.
For these, attach the relevant configuration exports, architecture diagrams, or operational documentation via the Evidence tab in the Standalone Client. The evaluating sub-agents will read these alongside your code to reach a final verdict.