The German Federal Office for Information Security (BSI) draws up minimum standards for security of the Federal Administration’s information technology, on the basis of Section 8 (1) of the BSI Act (BSIG). Minimum standards define a specific minimum level of information security as a legal requirement. The definition is based on technical expertise applied by the BSI with the aim of ensuring that this minimum level should be maintained within the Federal Administration.

IT systems are generally complex and characterised by a wide variety of (additional) framework conditions and requirements in their individual application areas. In practice, information security requirements may therefore regularly be higher than those described in the minimum standards. Based on the minimum standards, these individual requirements must also be taken into account in the planning, setup and operation of IT systems, in order to meet the respective need for information security. The procedure to follow when doing so is described in the IT-Grundschutz standards from the BSI.

The BSI applies a standardised procedure in order to ensure effectiveness and efficiency in its work involving the creation and maintenance of minimum standards (go to FAQs). Each minimum standard undergoes several testing cycles for quality assurance, including a consultation procedure with the Federal Administration. In addition to participation in the development of minimum standards, every office within the Federal Administration can also contribute to the development of technical subject areas for new minimum standards or contact the BSI about the need for amendments to existing minimum standards. As part of its work in drawing up minimum standards, the BSI advises federal agencies on request regarding implementation of/compliance with the minimum standards.

These and other important details about the minimum standards are summarised in the ‘Minimum standards – Federal Administration’ brochure, which is part of the article library maintained by the BSI, and can be downloaded as a PDF or ordered as a printed copy.

Please note that all documents relating to the minimum standards are only available in German.

Do you have questions or feedback about minimum standards? If you do, please feel free to contact us.

Provisioning of minimum standards in ISMS tools

The BSI minimum standards (Section 8 (1) BSI Act) are released for use at no charge in commercial products (ISMS tools). The conditions of use set out in the Information for Users apply when downloading and using the minimum standards. The completion of an application form, as mentioned in the Information for Users, is not necessary for the minimum standards. You are invited to give us your feedback on this new service. This publicly available service for the minimum standards must be provided to users at no cost and applicable supplementary documents (e.g. Implementation Guidance, help documents, etc.) must also be included.