
The Federal IT Consolidation

The Federal Government initiated the consolidation of the Federal Administration's IT by cabinet resolution in 2015. The benefits of synergy and scaling effects can be achieved by combining and standardizing IT services. A predominant goal is to continue to ensure information security while the complexity is ever increasing. This project affects around 168 federal authorities with up to 276,000 employees.

The Federal IT Consolidation (ITKB) Project has two distinct sub-projects: the Federal IT Operations Consolidation (BKB) and the Service Consolidation (DK). IT solutions are developed centrally by both sub-projects. The project’s service providers are the Federal Information Technology Centre (ITZBund) and the Federal Agency for Public Safety and Digital Radio (BDBOS). While the ITZBund implements the BKB and the DK operationally, the BDBOS is the network services provider responsible for the federal networks.

Within the framework of the ITKB, the Federal Office for Information Security (BSI) supports each sub-project as well as some activities regarding information security.


Information Security Management System for Federal IT Consolidation

As part of the operational implementation of the ITKB, it is necessary to ensure the cooperation of information security management systems (ISMS) of the participating organizations of the ITKB (project managers, service providers and federal authorities) in a suitable manner in order to guarantee an appropriate level of information security. The Federal Implementation Plan 2017 (UP Bund 2017) sets a guideline for information security in the federal administration. It calls for further specification of the general requirements for information security with regard to the ITKB to be defined in a "Guideline on Information Security for Federal IT Consolidation" (ISR ITKB). In particular, the ISR ITKB shall ensure suitable cooperation between the ISMS of the service providers and the federal authorities of the ITKB.

The CIO Board adopted version 2.0 of the ISR ITKB on February 27, 2023. It defines rights and obligations of the institutions of the ITKB with regard to information security as a minimum standard according to § 8 BSIG. This minimum standard for the information security management system in the federal IT consolidation (MST ISMS ITKB) was drafted in cooperation with the service providers and federal authorities of the ITKB and agreed by the appropriate committees. On 17 October 2024, the minimum standard was adopted by the State Secretaries of the Federal Ministry of the Interior and Community (BMI) and the Federal Ministry of Finance (BMF) within the IT Consolidation Steering Committee (LA ITK) and subsequently published by the BSI. The minimum standard has the following scope:

  • Uniform protection needs categories,
  • Communication of the results of security concepts,
  • Authorization of service providers,
  • Risk management and risk transparency,
  • Audit / Verification obligations in the Federal IT Consolidation,
  • Incident management,
  • Vulnerability management,
  • Interfaces in the ISMS of the Federal IT Consolidation,
  • Service Relationship in the Federal IT Consolidation.

Information Security Officer IT Consolidation Federal Government (ISB ITKB)

The ISB ITKB is provided by the BSI and appointed by the LA ITK. The ISB ITKB is responsible for the implementation and further development of the ISMS ITKB, including the update of the ISR ITKB, the MST ISMS ITKB and the creation of information security requirements in the ITKB.

Documents and Forms

ISR ITKB and MST ISMS ITKB

The ISR ITKB 2.0 forms the basis for a uniform level of information security in the ITKB.

The MST ISMS ITKB is based on the ISR ITKB and sets out binding regulations for the institutions of the ITKB.

User-defined IT baseline protection module "Service Relationship in the Federal IT Consolidation"

In the context of the ITKB, the relationship between the federal authorities and the service providers of the ITKB is not a common outsourcing relationship. Therefore, the user-defined module "OPS.bd.3.1, Service Relationship in the Federal IT Consolidation" has to be used for services of the ITKB.

Handout for the identification of potential composite risks

The handout is a supplement to the MST ISMS ITKB that supports institutions of the ITKB - especially federal authorities - in identifying and reporting potential composite risks.

The handout is available in the federal government's internal area of the BSI website.

Single Point of Contact for the ISMS ITKB

Within the framework of the ISMS ITKB, each institution of the ITKB provides a Single Point of Contact (SPOC). All communication takes place via this SPOC (see MST ISMS ITKB). To report the SPOC, the following form has to be submitted.

A contact list of the registered SPOCs is available in the internal federal section of the BSI website.