LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What are the Schutzbedarfsstufen (protection-need categories) in BSI IT-Grundschutz?

Two levels: Schutzbedarf normal (covered by Basis-/Standard-Anforderungen) and erhöhter Schutzbedarf (requires additional risk analysis and tighter controls).

Castle-like stack: erhöhter Schutzbedarf on top, normal band, then Standard- and Basis-Anforderungen

* Two protection-need levels: normal is covered by Basis/Standard requirements; erhöht triggers extra 200-3 risk analysis. *

Visualised as a "castle silhouette":

                  ▲ erhöhter Schutzbedarf  → Anforderungen für erhöhten Schutzbedarf
─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ Schutzbedarf normal ─ ─ ─ ─ ─ ─ ─ ─ ─ ─
Kern-Absicherung   |   Standard-Absicherung               → Standard-Anforderungen
                                Basis-Absicherung         → Basis-Anforderungen

Three "Absicherung" depths × two Schutzbedarf levels:

  • Basis-Anforderungen — minimum that everyone implements.
  • Standard-Anforderungen — additional measures for normal protection.
  • Anforderungen für erhöhten Schutzbedarf — when 200-3 risk analysis flags an object as critical.

Tip: This is the core insight that makes Grundschutz tractable. You don't reason about every server's risk individually — you classify each asset's Schutzbedarf, then deploy the matching control set. Risk analysis is reserved for the "high" classification.

Go deeper:

From Quiz: ISF / ISMS & Security Standards (ISO 27k, NIST, BSI) | Updated: Jul 05, 2026