What is the IKT-Minimalstandard, and what's its purpose?
A Swiss baseline cybersecurity standard published by the BWL (Bundesamt für wirtschaftliche Landesversorgung) — recommended (not mandatory) for operators of critical infrastructure, available for free to anyone.
* Published by BWL as a free, recommended (not mandatory) baseline aimed at operators of critical infrastructure. *
As the BWL puts it:
"Die grundsätzliche Verantwortung zum Eigenschutz liegt bei den jeweiligen Unternehmen und Organisationen. Überall da jedoch, wo das Funktionieren von kritischen Infrastrukturen betroffen ist, besteht eine staatliche Verantwortung … Dieser IKT-Minimalstandard ist Ausdruck der Schutzverantwortung des Staates …"
Key properties:
- Target audience: critical-infrastructure operators (energy, water, transport, finance, telecom).
- Voluntary — "wird empfohlen" — but politically pressured.
- Available for everyone — even non-critical SMEs can use it as a starting baseline.
- Free download from bwl.admin.ch.
Why BWL and not NCSC? Historical: the Landesversorgungsgesetz (national-supply law) gives BWL the mandate for critical-infrastructure resilience, predating the establishment of NCSC.
Tip: Switzerland has no formal cybersecurity certification regime for critical infrastructure (unlike Germany's BSI-KritisV). The IKT-Minimalstandard fills that gap as a recommended baseline — operators can demonstrate "due diligence" by implementing it.
Go deeper:
ICT minimum standard (NCSC, official EN — for companies) — the Swiss baseline for critical-infrastructure operators, with downloads.
ICT minimum standards (NCSC, official EN — for IT specialists) — the technical view and links to the standard and assessment tool.