Quiz Entry - updated: 2026.06.04
What is the Kreuzreferenztabelle (cross-reference table) of a Grundschutz block, and what do you use it for?
It maps each requirement of a block to the elementary threats it counters — showing which threats are covered and which security objectives (C/I/A) each requirement primarily protects.
Every Baustein ends with a cross-reference table:
- Rows: the block's requirements (e.g. CON.4.A1, CON.4.A2, …)
- Columns: the relevant elementare Gefährdungen (elementary threats, e.g. G 0.18 mis-planning, G 0.28 software vulnerabilities, G 0.39 malware)
- X marks: this requirement counteracts that threat
- A CIA column indicates which basic values the requirement primarily protects: C = Vertraulichkeit (confidentiality), I = Integrität (integrity), A = Verfügbarkeit (availability)
Uses in practice:
- Coverage check: is every relevant threat addressed by at least one implemented requirement?
- Risk argumentation: when you skip a SOLL requirement, the table shows which threats lose coverage — the basis for justifying or rejecting the deviation
- Input for risk analysis per BSI 200-3