Obligations for operators of KRITIS
Operators of critical infrastructures within the meaning of the IT Security Act are obliged under the BSI-Act (BSIG) and the BSI Kritis Regulation (BSI-KritisV)
- to designate a contact point for the critical infrastructure operated
- to report IT disruptions or significant impairments
- to implement 'state of the art' IT security
- to verify this to the BSI every two years
To make it easier for KRITIS operators to fulfil these obligations, the following pages provide concrete information on implementation.