Germany IT-Grundschutz workbook
Germany IT-Grundschutz workbook overview
To help organizations secure IT systems, the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, or BSI) created a baseline set of standards for protecting information technology (in German, IT-Grundschutz). These standards consist of:
- BSI Standard 200-1 defines an information security management system (ISMS) based on ISO/IEC 27001
- BSI Standard 200-2 describes how to set up and operate an ISMS according to the IT-Grundschutz methodology
- BSI Standard 200-3 contains all risk-related tasks
- The IT-Grundschutz Catalogues describe potential threats and safeguards for typical business environments
Azure and IT-Grundschutz workbook
To help you achieve your IT-Grundschutz certification, Microsoft Germany has published the IT-Grundschutz Compliance workbook for solutions and workloads deployed on Azure. Developed by HiSolutions AG, an independent consulting and auditing firm in Germany, the workbook is based on IT-Grundschutz Catalogues v.15, which includes modules covering internet and cloud usage, such as M 1.17 Cloud Usage.
This workbook can help you implement the IT-Grundschutz methodology within the scope of your existing or planned ISO/IEC 27001 certification. It describes how to apply the IT-Grundschutz methodology to applications in the cloud and outlines how to implement all audit-relevant safeguards from the IT-Grundschutz module, M 1.17 Cloud Usage.
Applicability
- Azure
Attestation documents
- IT-Grundschutz Compliance workbook (German)
Frequently asked questions
Can I use the Microsoft IT-Grundschutz Compliance workbook to help my organization comply with IT-Grundschutz? Yes. The purpose of the workbook is to help you use Azure services to implement the IT-Grundschutz methodology within the scope of your existing or planned ISO/IEC 27001 certification based on IT-Grundschutz.
What's the difference between the IT-Grundschutz and C5 catalogues? The IT-Grundschutz supplies the specific methodology to help organizations identify and implement security measures for IT systems, and is one of the elements upon which the Cloud Computing Compliance Criteria Catalogue (C5) standard is built. C5 is an auditing standard from BSI that establishes a mandatory minimum baseline for cloud security and the adoption of public cloud solutions by German government agencies and organizations that work with government. For more information, see Azure C5:2020 documentation.
Resources
- Azure compliance documentation
- Azure enables a world of compliance
- Microsoft 365 compliance offerings
- Compliance on the Microsoft Trust Center
- German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, or BSI)
- IT-Grundschutz
- BSI Cloud Computing Compliance Criteria Catalogue (C5)
- BSI Secure use of cloud services