The IT Baseline Protection Catalogs, or IT-Grundschutz-Kataloge, are a collection of documents from the German Federal Office for Security in Information Technology.


The table contains correlations between measures and the threats they address.


Category Z measures are any additional measures that have proven themselves in practice. This approach is very time-intensive and very expensive.

You will find an overview in the Decision Guide for Managers. The component catalog is the central element and contains five layers. System administrators cover the third layer, looking at the characteristics of IT systems, including clients, servers, and private branch exchanges or fax machines.

C stands for component, M for measure, and T for threat.


It serves as the basis for the IT baseline protection certification of an enterprise. To familiarize the user with the manual itself, it contains an introduction with explanations, the approach to IT baseline protection, a series of concept and role definitions, and a glossary.

In cases in which security needs are greater, such protection can be used as a basis for further action. Finally, the realization is terminated and a manager is named. Partitioning into layers clearly isolates personnel groups impacted by a given layer from the layer in question.

The text follows the facts of the life cycle in question and includes planning and design, acquisition (if necessary), realization, operation, selection (if necessary), and preventive measures.


Individual threat sources are described briefly. If the measure cited for a given threat is not applicable for the individual IT system, it is not superfluous.

In this way, a security level can be achieved, viewed as adequate in most cases, and, consequently, replace the more expensive risk assessment.

The component number is composed of the layer number in which the component is located and a unique number within the layer. The component catalogs, threat catalogs, and the measures catalogs follow these introductory sections. A detailed description of the measures follows.

They summarize the measures and most important threats for individual components.

Finally, control questions regarding correct realization are given. Baseline protection can only be ensured if all measures are realized.

Besides the forms, the cross-reference tables are another useful supplement. After a complete depiction, individual measures are once again collected into a list, which is arranged according to the measures catalog’s structure, rather than that of the life cycle.

Managers are initially named to initiate and realize the measures in the respective measures description.

Each catalog element is identified by an individual mnemonic laid out according to the following scheme (the catalog groups are named first). The measures catalogs summarize the actions necessary to achieve baseline protection; measures appropriate for several system components are described centrally. Each measure is named and its degree of realization determined. The fourth layer falls within the network administrators' task area. Here you can also find the Baseline Protection Guide, containing support functions for implementing IT baseline protection in procedural detail.

During realization of measures, personnel should verify whether adaptation to the operation in question is necessary; any deviations from the initial measures should be documented for future reference.


The given threat situation is depicted after a short description of the component examining the facts. You will find the modules, threats and safeguards in the IT-Grundschutz Catalogues. However, the cross-reference tables only cite the most important threats.

IT-Grundschutz uses a holistic approach to this process. The respective measures or threats, which are introduced in the component, can also be relevant for other components. The first layer is addressed to management, including personnel and outsourcing. According to the BSI, the knowledge collected in these catalogs is not necessary to establish baseline protection.

Both components must be successfully implemented to guarantee the system’s security. In this way, a network of individual components arises in the baseline protection catalogs.

Measures are cited with a priority and a classification. These present supplementary information. In the process, classification of measures into the categories A, B, C, and Z is undertaken. Finally, examples of damages that can be triggered by these threat sources are given. In the example of an Apache web server, the general B 5.

The aim of IT-Grundschutz is to achieve an appropriate security level for all types of information of an organisation. The detection and assessment of weak points in IT systems often occurs by way of a risk assessment, wherein a threat potential is assessed, and the costs of damage to the system or group of similar systems are investigated individually. This is followed by the layer number affected by the element. Measures, as well as threats, are cited with mnemonics.