Quiz Entry - updated: 2026.07.05
What are the Schutzbedarfsstufen (protection-need categories) in BSI IT-Grundschutz?
Two levels: Schutzbedarf normal (covered by Basis-/Standard-Anforderungen) and erhöhter Schutzbedarf (requires additional risk analysis and tighter controls).
* Two protection-need levels: normal is covered by Basis/Standard requirements; erhöht triggers extra 200-3 risk analysis. *
Visualised as a "castle silhouette":
▲ erhöhter Schutzbedarf → Anforderungen für erhöhten Schutzbedarf
─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ Schutzbedarf normal ─ ─ ─ ─ ─ ─ ─ ─ ─ ─
Kern-Absicherung | Standard-Absicherung → Standard-Anforderungen
Basis-Absicherung → Basis-Anforderungen
Three "Absicherung" depths × two Schutzbedarf levels:
- Basis-Anforderungen — minimum that everyone implements.
- Standard-Anforderungen — additional measures for normal protection.
- Anforderungen für erhöhten Schutzbedarf — when 200-3 risk analysis flags an object as critical.
Tip: This is the core insight that makes Grundschutz tractable. You don't reason about every server's risk individually — you classify each asset's Schutzbedarf, then deploy the matching control set. Risk analysis is reserved for the "high" classification.
Go deeper:
IT-Grundschutz (Wikipedia, DE) — Schutzbedarf and the normal-vs-erhöht split explained.
BSI IT-Grundschutz (official overview, EN) — how requirement levels map to protection needs.