LOGBOOK

HELP

Quiz Entry - updated: 2026.06.04

What is the Kreuzreferenztabelle (cross-reference table) of a Grundschutz block, and what do you use it for?

It maps each requirement of a block to the elementary threats it counters — showing which threats are covered and which security objectives (C/I/A) each requirement primarily protects.

Every Baustein ends with a cross-reference table:

  • Rows: the block's requirements (e.g. CON.4.A1, CON.4.A2, …)
  • Columns: the relevant elementare Gefährdungen (elementary threats, e.g. G 0.18 mis-planning, G 0.28 software vulnerabilities, G 0.39 malware)
  • X marks: this requirement counteracts that threat
  • A CIA column indicates which basic values the requirement primarily protects: C = Vertraulichkeit (confidentiality), I = Integrität (integrity), A = Verfügbarkeit (availability)

Uses in practice:

  • Coverage check: is every relevant threat addressed by at least one implemented requirement?
  • Risk argumentation: when you skip a SOLL requirement, the table shows which threats lose coverage — the basis for justifying or rejecting the deviation
  • Input for risk analysis per BSI 200-3

From Quiz: ISM / IT-Grundschutz (BSI) | Updated: Jun 04, 2026