Quiz Entry - updated: 2026.06.04
What are the Umsetzungshinweise (implementation notes) in the new IT-Grundschutz, and how do they differ from the old measures?
Umsetzungshinweise give concrete implementation advice for the requirements — but unlike the old catalogs, they are suggestions, not prescribed mandatory measures.
In the old IT-Grundschutz catalogs, each block contained binding Maßnahmen (measures) — you were told exactly what to implement.
In the new Kompendium:
- Blocks contain Anforderungen (requirements) — what must be achieved
- Separate Umsetzungshinweise documents provide concrete how-to guidance with suggested measures (analogous to how ISO 27002 supports ISO 27001)
- These hints are not binding — any measure that satisfies the requirement is acceptable
This gives organizations flexibility (use modern tooling, adapt to your environment) while the auditable core — the requirements — stays standardized.