The IT Baseline Protection Catalogs, or IT-Grundschutz-Kataloge are a collection of documents from the German Federal Office for Security in Information. @misc{BSI, added-at = {T+}, author = {für Sicherheit in der Informationstechnik, Bundesamt}, biburl. IT-Grundschutz-Kataloge. 2 likes. Book. IT-Grundschutz-Kataloge. Book. 2 people like this topic. Want to like this Page? Sign up for Facebook to get started.

Author: Mazujinn Kazratilar
Country: Sudan
Language: English (Spanish)
Genre: Automotive
Published (Last): 18 May 2009
Pages: 178
PDF File Size: 6.15 Mb
ePub File Size: 20.94 Mb
ISBN: 729-9-37295-163-2
Downloads: 17367
Price: Free* [*Free Regsitration Required]
Uploader: Arashicage

The fourth layer falls within the network administrators task area. Ut A measures for the entry point into the subject, B measures expand this, and category C is ultimately necessary for baseline protection certification.

BSI – IT-Grundschutz Catalogues

,ataloge The topic of this article may not meet Wikipedia’s general notability guideline. The fifth within that of the applications administrator and the IT user, concerning software kataloe database management systemse-mail and web servers. The second is addressed to in-house technicians, regarding structural aspects in the infrastructure layer. The respective measures or threats, which are introduced in the component, can also be relevant for other components.

The aim of IT- Grundschutz is to achieve an appropriate security level for all types of information of an organisation. These present supplementary information. It is grunddschutz necessary to work through them to establish baseline protection.

Each individual component follows the same layout. A table summarizes the measures to be applied for individual components in this regard.

IT Baseline Protection Catalogs

Here you can also find the Baseline Protection Guide, containing support functions for implementing IT baseline protection in procedural detail.

  AR 600-13 PDF

If the measure cited for a given threat is not applicable for the individual IT system, it is not superfluous. The forms provided serve to remedy protection needs for certain IT system components. To familiarize the user with the manual itself, it contains an introduction with explanations, the approach to IT baseline protection, a series of concept and role definitions, and a glossary.

By using this site, you agree to the Terms of Use and Privacy Policy. Decision Guide for Managers: Baseline gfundschutz does, however, demand an understanding of the measures, as well as the vigilance of management. They summarize the measures and most important threats for individual components. In this way, a network of individual components arises in the baseline protection catalogs. The component catalogs, threat catalogs, and the measures catalogs follow these introductory sections.

During realization of measures, personnel should verify whether adaptation grundscutz the operation in question is necessary; any deviations from the initial measures should be documented for future reference. This publication does not intend to make managers into security experts.

Bundesamt für Sicherheit in der Informationstechnik

In the process, layers are used for structuring individual measures groups. In this way, a security level can be achieved, viewed as adequate in most cases, and, consequently, replace the more expensive risk assessment. Finally, the realization is terminated and a manager is named.

The collection encompasses over pages, including the introduction grundschktz catalogs. Measures, as well as threats, are cited with mnemonics. Finally, katalogd serial number within the layer identifies the element.

Federal Office for Security in Information Technology. Views Read Edit View history. Languages Deutsch Italiano Edit links. However, the grundschitz tables only cite the most important threats. This page was last edited on 29 Septemberat The text follows the facts of the life cycle in question and includes planning and design, acquisition if necessaryrealization, operation, selection if necessaryand preventive measures.


Each catalog element is identified by an individual mnemonic laid out according to the following scheme the catalog groups are named first. The threat catalogs, in connection with the component catalogs, offer more detail about potential threats to IT systems. Managers are initially named to initiate and realize the measures in the respective measures description.

It serves as the basis for the IT baseline protection certification of an enterprise.

The given threat situation is depicted after a short description of the component examining the facts. This is followed by the layer number affected by the element. Each measure is named and its degree of realization determined.

Finally, control questions regarding correct realization are given. The component number is composed of the layer number in which the component is located and a unique number within the layer.

Instead, it presents the information that decision makers need to assess the topic of information security and possible courses of action, to ask their experts the right questions and to set objectives.