Operators of critical infrastructures within the meaning of the IT Security Act are obliged under the BSI-Act (BSIG) and the BSI Kritis Regulation (BSI-KritisV)

• to designate a contact point for the critical infrastructure operated
• to report IT disruptions or significant impairments
• to implement 'state of the art' IT security
• to verify this to the BSI every two years

To make it easier for KRITIS operators to fulfil these obligations, the following pages provide concrete information on implementation.