With IT-Grundschutz based on ISO 27001, the BSI provides a tried-and-tested, recognised tool for setting up and operating an information security management system (ISMS). The associated BSI standards 200-1 to 200-3 describe an ISMS and offer methods for its development and operation as well as for carrying out risk analyses. The IT-Grundschutz-Compendium describes the specific requirements to be implemented as part of a functioning ISMS with the IT-Grundschutz modules it contains.

IT-Grundschutz profiles can be used to make it easier for users to implement IT-Grundschutz in different industries and sectors. These IT-Grundschutz profiles contain specific security requirements and measures for certain use cases and thus enable simple and transparent application of IT-Grundschutz to your own organisation. They are best practices for specific scenarios and support the implementation of specific security requirements and the establishment of an ISMS. With the IT-Grundschutz profiles, users receive a template for essential steps for securing according to IT-Grundschutz. This template can be used as a template for the integration of an ISMS in accordance with IT-Grundschutz.

In order to make the operation and integration of different types of private 5G network solutions as secure as possible, the BSI has developed IT-Grundschutz profiles and user-defined modules together with experts and users from industry. These are intended to help companies and authorities to set up and operate a private 5G network securely and integrate it into the company network. The IT-Grundschutz profiles for securing private 5G networks are available in German.

Securing private 5G networks in thrid-party operation:
IT-Grundschutz-Profil zur Absicherung von 5G-Campusnetzen im Fremdbetrieb
IT-Grundschutz-Profil zur Absicherung von 5G-Campusnetzen im Fremdbetrieb Anlagen

Securing private 5G networks in inhouse operation:
IT-Grundschutz-Profil zur Absicherung von 5G-Campusnetzen im Eigenbetrieb
IT-Grundschutz-Profil zur Absicherung von 5G-Campusnetzen im Eigenbetrieb Anlagen

Associated user-defined IT-Grundschutz modules:
Benutzerdefinierter Baustein INF.bd.1 Ortsveränderliche Einhausung für IT-Systeme
Benutzerdefinierter Baustein INF.bd.1 Ortsveränderliche Einhausung für IT-Systeme Kreuzreferenztabelle
Benutzerdefinierter Baustein CON.bd.1 Verwaltung von SIM-Karten
Benutzerdefinierter Baustein CON.bd.1 Verwaltung von SIM-Karten Kreuzreferenztabelle
Benutzerdefinierter Baustein NET.bd.2.3 Betrieb privater 5G-Campusnetze
Benutzerdefinierter Baustein NET.bd.2.3 Betrieb privater 5G-Campusnetze Kreuzreferenztabelle

However, the publication of these IT-Grundschutz profiles is only the starting point. The IT-Grundschutz profiles are regularly adapted to the current state of the art. Further IT-Grundschutz profiles and user-defined IT-Grundschutz modules will also be created as required in order to map the various deployment scenarios of private 5G networks as well and clearly as possible and to make the application of security-related best practices as simple as possible.

The IT-Grundschutz profiles and user-defined IT-Grundschutz modules incorporate advice from vendors and users themselves. The experience and expertise is incorporated through two channels, either through workshops or from a wider circle through the "community draft" phase. In this phase, all interested parties have the opportunity to submit relevant comments and suggestions to the IT-Grundschutz unit of the BSI.

If you are also interested in securing private 5G networks and would like to support the BSI in creating and improving the IT-Grundschutz documents, please contact 5g@bsi.bund.de.