What’s New in the BSI IT-Grundschutz 2020 Compendium
What is the BSI Grundschutz standard?
The BSI standards provide recommendations on methods, processes, and procedures, as well as approaches and actions on different aspects of information security. Organizations can use BSI standards to make their operations, processes, and data safer.
- The BSI standard 200-1 defines general requirements for an Information Security Management System (ISMS).
- The BSI Standard 200-2 provides a foundation for building an ISMS based on IT-Grunschutz methodology.
- The BSI Standard 200-3 covers risk-related issues. The standard provides a clear path to gear the IT-Grundschutz analysis to the risk assessment process.
IT-Grundschutz 2019 vs. IT-Grundschutz 2020: What’s the Difference?
The 2019 edition contained 94 modules, 14 of which were completely new ones. 25 modules have been substantially revised. Major novelties referred to Mobile applications, Cloud solutions, embedded systems, and extended platform support (MacOS, PBX, SAP, IBM Z, etc.).
As for the new edition of the IT-Grundschutz Compendium, it has two new modules: CON.8 “Software Development” and INF.5 “Room and cabinet for technical infrastructure.” Besides, the BSI has revised existing modules from version 2019.
The IT-Grundschutz Compendium 2020 focuses on the description of standardized security requirements for typical business processes, applications, and IT systems and their threats. Broken down into 96 building blocks, IT-Grundschutz also deals with the implementation of clear security measures and the detailed procedures for risk mitigation.
Responsibility for information security remains at the top management level. Yet the task of “information security” is typically delegated to an information security officer.
The titles are now supplemented by an abbreviation:
- “basic requirement” (B)
- “standard requirement” (S)
- “requirement for increased protection requirements” (H).
All modules have been revised in terms of content; the structure of the text has been improved. This enables the IT-Grundschutz modules to be used even more accurately. Edition 2020 replaces Edition 2019 and is valid until September 30, 2020, for current certification processes.
Integration with automated solutions
As BSI IT-Grundschutz is a very detailed regulation, its full implementation in the organization can be a highly time and resource-consuming task. Automated solutions like Infopulse Standards Compliance Manager significantly reduce your efforts by breaking down the silos and streamlining all compliance-related processes.
The Infopulse SCM version integrates the updated IT-Grundschutz documentation. Besides a set of improved and added features, you will be able to use all the features of the updated IT-Grundschutz 2020.
Implementing IT-Grundschutz 2020 with Infopulse SCM
Infopulse SCM supports the BSI IT-Grundschutz, and its new update is automatically built in the system. It will enable users to:
- Create new concepts based on the IT-Grundschutz 2020
- Migrate the existing security concept to the modernized IT-Grundschutz 2020
- Get automatic updates of the requirements and modules
- Empower the security evaluation process with new modules
- Use new roles to add flexibility to your ISMS
Effective and easy-to-use IT security management system based on the latest standards and regulations — from planning and establishing the security concept to certification.