Question 1

What is BSI IT-Grundschutz and who must comply?

Accepted Answer

IT-Grundschutz is the German federal IT security standard published by the Bundesamt für Sicherheit in der Informationstechnik (BSI). It is mandatory for all German federal agencies and strongly recommended for critical infrastructure operators, state agencies, and suppliers to the public sector. Many private organisations adopt it as a rigorous alternative to ISO 27001.

Question 2

What are the BSI 200-series standards?

Accepted Answer

The BSI 200-series defines the methodology for implementing Grundschutz. Standard 200-1 covers ISMS management principles, 200-2 the IT-Grundschutz methodology, 200-3 risk analysis, and 200-4 business continuity management. KaitoSec provides structured workflows for each standard.

Question 3

What is the difference between Grundschutz certification and ISO 27001 certification?

Accepted Answer

BSI Grundschutz certification is a German-specific credential recognised primarily within the public sector and critical infrastructure. ISO 27001 is internationally recognised. The two standards have significant overlap, and BSI provides an official mapping. KaitoSec supports both certifications and maintains the cross-mapping so organisations can pursue both simultaneously.

Question 4

How are Bausteine structured in the IT-Grundschutz-Kompendium?

Accepted Answer

Bausteine (building blocks or modules) are the core unit of Grundschutz. Each Baustein covers a specific IT topic, such as servers, networks, or mobile devices, and contains a set of requirements categorised as basic (Basis), standard, or elevated (Erhöhter Schutzbedarf). KaitoSec maps each Baustein to your relevant assets and tracks requirement implementation at that granular level.

Question 5

Does KaitoSec support Grundschutz for cloud environments?

Accepted Answer

Yes. The IT-Grundschutz-Kompendium includes specific Bausteine for cloud usage (INF.14, OPS.2.2, and related modules). KaitoSec supports cloud asset types and maps the relevant cloud-specific Bausteine automatically when cloud systems are added to your inventory.

BSI IT-Grundschutz inside a four-system management platform

Native Grundschutz-Kompendium integration

BSI 200-series methodology end to end

Sicherheitskonzept generated, not assembled

One mapping, three certificates worth of evidence

Baustein-Based Implementation Tracker

Schutzbedarfsfeststellung (Protection Needs Analysis)

Cross-Mapping to ISO 27001 and NIS2

FAQ

Product

Frameworks

Solutions

Services

Resources

Company

Legal