Federal Office for Information Security (BSI)

Minimum Standards of the BSI According to Section 8 Subsection 1 of the BSIG

The BSI establishes minimum standards to ensure the security of federal information technology in accordance with Section 8 subsection 1 of the BSIG. As legal specifications, the minimum standards define a concrete minimum level of information security. This definition is based on the technical expertise of the BSI and the firm conviction that the federal administration must not fall below this minimum level.

IT systems are complex and are shaped by the particular circumstances and requirements of their individual scopes of application. Consequently, IT systems regularly give rise to higher information security requirements than those described in the minimum standards. These additional requirements must be taken into consideration during the planning, establishment and operation of IT systems in order to satisfy the respective demand for information security. A detailed description of this procedure is provided in the IT-Grundschutz-Standards of the BSI.

To ensure an effective and efficient development and monitoring process for the minimum standards, the BSI works according to a standardized procedure. As part of this procedure, each minimum standard undergoes multiple examination cycles, including a consultation procedure with the federal administration. In addition to commenting on drafts of minimum standards, each federal body can participate in the creation of minimum standards, either by proposing topics for new minimum standards or by providing the BSI with input for modifications to published minimum standards. Complementary to the development of minimum standards, the BSI advises federal bodies, upon request, on the implementation of and compliance with minimum standards.

