Foreword

From the daily work of the Federal Office for Information Security we know the following: cyber attacks with the power to significantly harm Germany's potential as a location are constantly taking place. The types of attack differ widely: mass attacks, targeted attacks, and scalpel-type attacks can all be observed. Due to its complexity, information technology, especially software, is never free of flaws. Weaknesses and vulnerabilities are therefore daily fare, including those that can be exploited remotely because IT systems are networked.

The increasing professionalisation of attackers and attack methods furthermore creates a dynamic threat situation and a permanent contest between cyber attack and cyber defence. However, there is also good news: approx. 80 percent of the known attacks can be fended off with the help of standard protection safeguards, for example within the framework of IT-Grundschutz.

Regularly updating the IT-Grundschutz Catalogues and adapting them to the latest state of the art is therefore a central task of the BSI. This is the only way to ensure the practical relevance that is particularly important for IT-Grundschutz. The 13th version again updates the IT-Grundschutz Catalogues with regard to the latest developments in IT, for which government agencies and companies must find solutions that take user comfort, costs, and security into account in equal measure.

For example, the module on Windows Server 2008 shows a systematic way of drawing up a concept for securely operating Windows Server 2008 servers in an organisation. Separate modules furthermore provide IT-Grundschutz users with information on how clients running the Mac OS X and Windows 7 operating systems can be configured securely.

From the considerable amount of feedback from IT-Grundschutz users, we know that the field of web applications is becoming increasingly important for organisations. More and more services for employees, customers, and citizens are provided through web applications and are consequently exposed to attacks with increasing frequency. In order to protect these services adequately, the new module was developed in cooperation with the German Chapter of the Open Web Application Security Project (OWASP). This module, requested by many users, provides very specific and extensive recommendations for protecting web applications.

The updated IT-Grundschutz Catalogues contain numerous suggestions for technical protection, as well as organisational measures, on these and many other topics. We wish you success with the practical implementation and would appreciate your feedback to help us continue developing IT-Grundschutz in the future.

Bonn, September 2013

Michael Hange, President of the Federal Office for Information Security