The German IT Baseline Protection (IT- Grundschutz) standard was established by the German Federal Office for Information Security (BSI) as a sound and sustainable information security management system (ISMS). IT-Grundschutz covers technical, organizational, infrastructural, and personnel aspects in equal measure. With its broad foundation, IT-Grundschutz offers a systematic approach to information security that is compatible with ISO/IEC 27001. Along with the BSI Standards, IT- Grundschutz provides essential publications to all kinds of institutions that want to set up an ISMS.
To make the successful implementation of IT-Grundschutz transparent to the outside world, companies or public authorities can be certified according to ISO 27001 based on IT-Grundschutz. This certificate confirms that the IT security concept meets the requirements of ISO 27001.
This is a consumer-protection regulation that provides recommendations on methods, processes, procedures, approaches, and measures relating to information security. BSI addresses issues fundamental to information security in public authorities and companies for which appropriate, practical, national, or international approaches have been established.
While BSI is a German federal standard, it is likely to apply to any organization with a client base within Germany (regardless of where they are themselves based), especially those in the public and legal sectors.
Runecast is a patented enterprise IT platform that provides IT ops and security teams one platform for configuration monitoring, vulnerability management, security compliance, remediation, upgrade planning and reporting.
Runecast automates the process of checking your workloads against BSI IT-Grundschutz. Each finding is mapped to the relevant BSI Building Block, including the exact text from the standard (in the German language), as well as a technical description in the English language. As with all of the checks in Runecast, these are also mapped to show you all impacted objects.
Runecast compliance audits cover the BSI C5 security standard for AWS. This standard, known as the Cloud Computing Compliance Controls Catalogue (C5), is published by Germany's Federal Office for Information Security (BSI) and is instrumental in helping organizations demonstrate their operational security in the context of cloud services.
BSI C5 outlines the fundamental requirements for secure cloud computing and offers a high level of assurance in cloud service security, going beyond international standards like ISO 27001 by including controls tailored specifically for cloud environments.
With Runecast Analyzer, you get year-round, 24/7 visibility into your audit compliance posture. It allows you to get immediate visibility into risks and non-compliances inherent in your environment, allowing you to identify gaps between where you are and a fully compliant state, and also show as soon as any objects move out of compliance.
The solution runs entirely on-premises, with no data leaving your control. All analysis takes place on the Runecast Analyzer appliance. Move to a more proactive way of handling your compliance requirements!
Run it... you will be amazed by the findings. We always think that a lot of applications are secure by nature and by how they’ve been designed, but after deploying Runecast you really understand the gaps that you might have in your environment and it’s definitely an eye-opener.
Vice President - Infrastructure & Security at Oman Airports
Download our solution brief now to gain a deeper understanding of the Assess phase in vulnerability management, and learn how to effectively evaluate the cyber exposure of all your assets and identify vulnerabilities, misconfigurations, and other security health indicators.
Download our solution brief to learn how Runecast's AI-powered platform can help minimize tool sprawl in your environment and transform uncoordinated, policy-less, manual, reactive efforts into proactive, automated, and continuously compliant practices.
What you will find in this guide
This Security Compliance Guide provides a comprehensive overview of common security standards (e.g.BSI IT-Grundschutz, CIS CSC, CISA, Cyber Essentials, DISA STIG, DORA, Essential 8, GDPR, HIPAA, ISO 27001, KVKK, NIST, PCI-DSS & VMware Security Configuration Guide), their associated pain points, and recommendations for achieving and maintaining compliance on AWS, Azure, Kubernetes and VMware.
Who will benefit most from it:
