The IT Baseline Protection Catalogs, or IT-Grundschutz-Kataloge are a collection of documents from the German Federal Office for Security in Information. @misc{BSI, added-at = {T+}, author = {für Sicherheit in der Informationstechnik, Bundesamt}, biburl. IT-Grundschutz-Kataloge. 2 likes. Book. IT-Grundschutz-Kataloge. Book. 2 people like this topic. Want to like this Page? Sign up for Facebook to get started.

Author: Fenrijind Samuzilkree
Country: Qatar
Language: English (Spanish)
Genre: Spiritual
Published (Last): 9 November 2004
Pages: 311
PDF File Size: 16.95 Mb
ePub File Size: 3.79 Mb
ISBN: 200-1-63868-526-8
Downloads: 63108
Price: Free* [*Free Regsitration Required]
Uploader: Dar

Languages Deutsch Italiano Edit links. To keep each component as compact as possible, global aspects are collected in one component, while more specific information is collected into a second. IT baseline protection protection encompasses standard security measures for typical IT systems, with normal kztaloge needs.

The topic of this article may not meet Wikipedia’s general notability guideline.

BSI – IT-Grundschutz – IT-Grundschutz International

Articles with topics of unclear notability from October All articles with topics of grundschurz notability. An itemization of individual threat sources ultimately follows. The following layers are formed: System administrators cover the third layer, looking at the grundshcutz of IT systems, including clientsservers and private branch exchanges or fax machines.

The component catalogs, threat catalogs, and the measures catalogs follow these introductory sections. The threat catalogs, in connection with the component catalogs, offer more detail about potential threats to IT systems.

The fifth within that of the applications administrator and the IT user, concerning software like database management systemse-mail and web servers. The fourth layer falls within the network administrators task area.

This is followed by the layer number affected by the element. Federal Office for Security in Information Technology.

You will find in the IT- Grundschutz Catalogues the modules, threats and safeguards. Both components must be successfully implemented to guarantee the system’s security.


Here you can also find the Baseline Protection Guide, containing support functions for implementing IT baseline protection in procedural detail. The component number is composed of the layer number in which the component is located and a gruneschutz number within the layer.

Views Read Edit View history.

IT Baseline Protection Catalogs

It serves as the basis for the IT baseline protection certification of an enterprise. Through proper application of well-proven technical, organisational, personnel, and infrastructural safeguards, a security level is reached that is suitable and adequate to protect business-related information having normal protection requirements.

In the process, layers are used grundcshutz structuring individual measures groups. Category Z measures any additional grundschuta that have proven themselves grundschuta practice. Category A measures for the entry point into the subject, B measures expand this, and category C is ultimately necessary for baseline protection certification.

Decision Guide for Managers: The component catalog is the central element, and contains the following five layers: C stands for component, M for measure, and T for threat. It is not necessary to work through them to establish baseline protection. According to the BSI, the knowledge collected in these catalogs is not necessary to establish baseline protection.

These present supplementary information. Baseline protection can only be ensured if all measures are realized. Instead, it presents the information that decision makers need to assess the topic of information security and possible courses of action, to ask their experts the right questions and to set objectives. grundschtuz

Bundesamt für Sicherheit in der Informationstechnik

IT Baseline Protection Handbook. Managers are initially named to initiate and realize the measures in the respective measures description. If the measure cited grundschuhz a given threat is not applicable for the individual IT system, it is not superfluous.

The respective measures or threats, which are introduced in the component, can also be relevant for other components. The given threat situation grundschuhz depicted after a short description of the component examining the facts.


The aim of IT- Grundschutz is to achieve an appropriate security level for all types of information of an organisation. This approach is very time-intensive and very expensive. Finally, a serial number within the layer identifies the element.

The first layer is addressed to managementincluding personnel and outsourcing. During realization of measures, personnel should verify whether adaptation to the operation in question is necessary; any deviations from the initial measures should be documented for future reference.

Baseline protection does, however, demand an understanding grundscutz the measures, as well as the vigilance of management.

The necessary measures are presented in a text with short illustrations. Besides the forms, the cross-reference tables another useful supplement. Each measure is named and its degree of realization determined. Individual threat sources are described briefly. From Wikipedia, the free encyclopedia.

BSI – IT-Grundschutz Catalogues

A detailed description of the measures follows. An Overview you will find in the Decision Guide for Managers. In the process, classification of measures into the categories A, B, C, and Z is undertaken. By using this site, you agree to the Terms of Use and Privacy Policy.

IT- Grundschutz uses a holistic approach to this process. The collection encompasses over pages, including the introduction and catalogs. In the example of an Apache web server, the general B 5. Federal Office for Security in Information Technology, version.

Degrees of realization, “considerable”, “yes”, “partial”, and “no”, are distinguished.