ITGrundschutz

IT-Grundschutz is a structured approach to information security management developed by the German Federal Office for Information Security (BSI). It provides a methodological framework and a catalog of security controls to protect information assets and IT systems in organizations.

Its central components are the IT-Grundschutz-Kompendium, which contains modular building blocks (Bausteine) covering areas such as Organization, Personnel, Facility, IT Infrastructure, IT Systems, Applications, and Operations. The Kompendium also defines protection concepts at three protection levels: Basisschutz (basic protection), Standard-Schutz (standard protection), and Erweiterter Schutz (expanded protection), which specify increasingly comprehensive safeguard measures.

Methodology: The IT-Grundschutz methodology guides organizations through identification of assets and dependencies, a risk assessment, and the selection and implementation of appropriate Bausteine to achieve the desired protection level. The resulting documentation, including a statement of applicability, serves as a basis for audits and continuous improvement and can be used in support of certifications or ISMS alignment.

Relation to other standards: IT-Grundschutz is designed to be compatible with international standards such as ISO/IEC 27001 and can be used as a practical basis for implementing an information security management system. It is widely adopted in Germany, especially by public authorities and contractors, but is also used by private sector organizations.

History and updates: The framework is maintained by the BSI and updated periodically to reflect new threats and technologies. The IT-Grundschutz-Kompendium evolves with revised Bausteine and updated protection catalogs.