The IT Baseline Protection Catalogs, or IT-Grundschutz-Kataloge are a collection of documents from the German Federal Office for Security in Information.


The component catalog is the central element, and contains the following five layers: Each catalog element is identified by an individual mnemonic laid out according to the following scheme (the catalog groups are named first).

However, the cross-reference tables only cite the most important threats. Finally, a serial number within the layer identifies the element. Baseline protection does, however, demand an understanding of the measures, as well as the vigilance of management.

The respective measures or threats, which are introduced in the component, can also be relevant for other components. In cases in which security needs are greater, such protection can be used as a basis for further action.

During realization of measures, personnel should verify whether adaptation to the operation in question is necessary; any deviations from the initial measures should be documented for future reference. Finally, examples of damages that can be triggered by these threat sources are given. The measures catalogs summarize the actions necessary to achieve baseline protection; measures appropriate for several system components are described centrally.

The fifth within that of the applications administrator and the IT user, concerning software like database management systems, e-mail and web servers. Each individual component follows the same layout.

You will find an overview in the Decision Guide for Managers. C stands for component, M for measure, and T for threat. Managers are initially named to initiate and realize the measures in the respective measures description. The given threat situation is depicted after a short description of the component examining the facts.


OWASP Review BSI IT-Grundschutz Baustein Webanwendungen – OWASP

The second is addressed to in-house technicians, regarding structural aspects in the infrastructure layer. The fourth layer falls within the network administrators' task area. These threat catalogs follow the general layout in layers. IT baseline protection encompasses standard security measures for typical IT systems, with normal protection needs.

To keep each component as compact as possible, global aspects are collected in one component, while more specific information is collected into a second. In this way, a network of individual components arises in the baseline protection catalogs. Degrees of realization, “considerable”, “yes”, “partial”, and “no”, are distinguished.

The forms provided serve to remedy protection needs for certain IT system components. Here you can also find the Baseline Protection Guide, containing support functions for implementing IT baseline protection in procedural detail.

A table summarizes the measures to be applied for individual components in this regard.

BSI – IT-Grundschutz

Category A measures are the entry point into the subject, B measures expand this, and category C is ultimately necessary for baseline protection certification. If the measure cited for a given threat is not applicable for the individual IT system, it is not superfluous.

The conclusion consists of a cost assessment. To familiarize the user with the manual itself, it contains an introduction with explanations, the approach to IT baseline protection, a series of concept and role definitions, and a glossary.


Through proper application of well-proven technical, organisational, personnel, and infrastructural safeguards, a security level is reached that is suitable and adequate to protect business-related information having normal protection requirements.

Partitioning into layers clearly isolates personnel groups impacted by a given layer from the layer in question. They summarize the measures and most important threats for individual components. In many areas, IT-Grundschutz even provides advice for IT systems and applications requiring a high level of protection.

Finally, the realization is terminated and a manager is named. Individual threat sources are described briefly. The text follows the facts of the life cycle in question and includes planning and design, acquisition (if necessary), realization, operation, selection (if necessary), and preventive measures. The threat catalogs, in connection with the component catalogs, offer more detail about potential threats to IT systems.

After a complete depiction, individual measures are once again collected into a list, which is arranged according to the measures catalog’s structure, rather than that of the life cycle.

Bundesamt für Sicherheit in der Informationstechnik

The table contains correlations between measures and the threats they address. You will find in the IT-Grundschutz Catalogues the modules, threats and safeguards. It serves as the basis for the IT baseline protection certification of an enterprise. The detection and assessment of weak points in IT systems often occurs by way of a risk assessment, wherein a threat potential is assessed, and the costs of damage to the system or group of similar systems are investigated individually.