14-Feb-2020
This edition is based on the so-called building blocks, within which potential threats are discussed and security requirements are highlighted.
These building blocks are included in the IT-Grundschutz-Compendium.
- ISMS: Security Management
- ORP: Organization and personnel
- CON: Concept and approach
- OPS: Operation
- DER: Detection and response
- APP: Applications
- SYS: IT systems
- IND: Industrial IT
- NET: networks and communication
- INF: Infrastructure
The requirements described herein reflect the so-called state of the art.
Since 01.02.2020, Edition 2020 of the IT-Grundschutz-Compendium is relevant for certification. The current edition contains two new IT-Grundschutz modules and a linguistic revision of all modules of Edition 2019. New are
- CON.8 Software development and
- INF.5 Room and cabinet for technical infrastructure
CON.8 refers here to individual or modified software solutions. The module places information security in the foreground when developing, adapting or extending IT applications in-house and is an extension of CON.5 (development and use of individual software).
INF.5 applies to containers and rooms in general in which technical infrastructure is accommodated. The aim is to protect its components electronically, mechanically and structurally so that its functionality is guaranteed.
ORP.4 Identity and authorization management is particularly relevant for users.
This is concerned with the doubtless identification and authentication of IT components. Above all, in the authorization management, the BSI has made a change in content that relates to the regular password change.
The British Communications Electronics Security Group (CESG), a department of the intelligence service GCHQ, has been advising against regular password changes since 2016, the National Institute of Standards and Technology (NIST) of the United States of America followed a year later.
The background is the current state of research, according to which the enforcement of a periodic password change led to less secure passwords. The chapter on the regulation of password use in ORP.4.A8 now no longer contains a corresponding recommendation for change and no longer contains a commitment to fixed rules for the complexity and length of passwords. Rather, BSI refers to the fact that a password must be changed if it falls into unauthorized hands.
Press & media contact
Uwe GreunkeResponsible for Marketing, Division Networks & Cybersecurity
uwe.greunke@rohde-schwarz.com
Rohde & Schwarz
Rohde & Schwarz is striving for a safer and connected world with its Test & Measurement, Technology Systems and Networks & Cybersecurity Divisions. For 90 years, the global technology group has pushed technical boundaries with developments in cutting-edge technologies. The company's leading-edge products and solutions empower industrial, regulatory and government customers to attain technological and digital sovereignty. The privately owned, Munich based company can act independently, long-term and sustainably. Rohde & Schwarz generated net revenue of EUR 2.78 billion in the 2022/2023 fiscal year (July to June). On June 30, 2023, Rohde & Schwarz had around 13,800 employees worldwide.
R&S® is a registered trademark of Rohde & Schwarz GmbH & Co. KG.
Networks & Cybersecurity
With its subsidiaries LANCOM Systems, Rohde & Schwarz Cybersecurity, and Rohde & Schwarz SIT, the group has bundled its expertise in one division. Know-how that is needed to become the largest provider of network and cybersecurity technology for companies, public authorities, and organizations in Europe.
