Federal Office for Information Security (BSI)


The aim of IT-Grundschutz is to achieve an appropriate security level for all types of information of an organisation. IT-Grundschutz uses a holistic approach to this process. Through proper application of well-proven technical, organisational, personnel, and infrastructural safeguards, a security level is reached that is suitable and adequate to protect business-related information having normal protection requirements. In many areas, IT-Grundschutz even provides advice for IT systems and applications requiring a high level of protection.


Since 2005 the "IT-Grundschutz Manual" is called "IT-Grundschutz Catalogues". You will find in the IT-Grundschutz Catalogues the modules, threats and safeguards. The IT-Grundschutz Methodology and the Risk analysis based on IT-Grundschutz you will find in the BSI-Standards.

Decision Guide for Managers:

This publication does not intend to make managers into security experts. Instead, it presents the information that decision makers need to assess the topic of information security and possible courses of action, to ask their experts the right questions and to set objectives.

An Overview you will find in the Decision Guide for Managers.

IT-Grundschutz international:

You will find more IT-Grundschutz documents in other languages at the IT-Grundschutz International website.

The IT-Grundschutz Catalogues are still available as "IT-Grundschutz-Kataloge" in German on which this English version is based on.