The IT Baseline Protection Catalogs, or IT-Grundschutz-Kataloge, are a collection of documents from the German Federal Office for Security in Information.

This approach is very time-intensive and very expensive. Managers are initially named to initiate and realize the measures in the respective measures description. The following layers are formed: The aim of IT-Grundschutz is to achieve an appropriate security level for all types of information of an organisation.

This is followed by the layer number affected by the element.

A detailed description of the measures follows. The fifth within that of the applications administrator and the IT user, concerning software like database management systems, e-mail and web servers.

In the process, classification of measures into the categories A, B, C, and Z is undertaken. During realization of measures, personnel should verify whether adaptation to the operation in question is necessary; any deviations from the initial measures should be documented for future reference. Besides the forms, the cross-reference tables are another useful supplement. According to the BSI, the knowledge collected in these catalogs is not necessary to establish baseline protection.

The fourth layer falls within the network administrators' task area.

These threat catalogs follow the general layout in layers. Both components must be successfully implemented to guarantee the system’s security.

It serves as the basis for the IT baseline protection certification of an enterprise. In the process, layers are used for structuring individual measures groups. The threat situation is depicted after a short description of the component examining the facts. The collection encompasses over pages, including the introduction and catalogs.


In the example of an Apache web server, the general B 5. The component number is composed of the layer number in which the component is located and a unique number within the layer. They summarize the measures and most important threats for individual components. Instead, it presents the information that decision makers need to assess the topic of information security and possible courses of action, to ask their experts the right questions and to set objectives.

Federal Office for Information Security (BSI)

The aim of IT-Grundschutz is to achieve an appropriate security level for all types of information of an organisation. A table summarizes the measures to be applied for individual components in this regard.

It is not necessary to work through them to establish baseline protection. Finally, a serial number within the layer identifies the element.

Each catalog element is identified by an individual mnemonic laid out according to the following scheme (the catalog groups are named first). Partitioning into layers clearly isolates personnel groups impacted by a given layer from the layer in question.

The component catalog is the central element, and contains the following five layers: The text follows the facts of the life cycle in question and includes planning and design, acquisition (if necessary), realization, operation, selection (if necessary), and preventive measures. In cases in which security needs are greater, such protection can be used as a basis for further action.

An itemization of individual threat sources ultimately follows. The second is addressed to in-house technicians, regarding structural aspects in the infrastructure layer. Each measure is named and its degree of realization determined. The first layer is addressed to management, including personnel and outsourcing. C stands for component, M for measure, and T for threat. The detection and assessment of weak points in IT systems often occurs by way of a risk assessment, wherein a threat potential is assessed, and the costs of damage to the system or group of similar systems are investigated individually.


IT baseline protection encompasses standard security measures for typical IT systems, with normal protection needs.

Finally, the realization is terminated and a manager is named.

If the measures’ realization is not possible, reasons for this are entered in the adjacent field for later traceability. The conclusion consists of a cost assessment. The component catalogs, threat catalogs, and the measures catalogs follow these introductory sections.

The respective measures or threats, which are introduced in the component, can also be relevant for other components. To keep each component as compact as possible, global aspects are collected in one component, while more specific information is collected into a second.

Baseline protection can only be ensured if all measures are realized. Each individual component follows the same layout. Here you can also find the Baseline Protection Guide, containing support functions for implementing IT baseline protection in procedural detail.

If the measure cited for a given threat is not applicable for the individual IT system, it is not superfluous.

In this way, a security level that is viewed as adequate in most cases can be achieved and, consequently, replace the more expensive risk assessment.