Quiz Entry - updated: 2026.07.05
What is the typical structure of an IT-Grundschutz Baustein (building block)?
Each block is a ~10-page document: description and threat landscape first, then requirements graded Basis / Standard / high protection need, plus a cross-reference table.
* The fixed Baustein structure — Beschreibung, Gefährdungslage, Anforderungen, Kreuzreferenztabelle. *
A Baustein (e.g. SYS.1.1 "general server") follows a fixed document structure:
- Beschreibung (description) — introduction, objective, scope/delimitation, responsible roles
- Spezifische Gefährdungslage — the specific threats relevant to this object
- Anforderungen (requirements) — not measures:
- Basis requirements (must be fulfilled first)
- Standard requirements
- Requirements for elevated protection need
- References to further information
- Annex: Kreuzreferenztabelle — the cross-reference table mapping requirements to elementary threats
Compact size (~10 pages) is intentional — the old catalogs' blocks plus measures had grown to thousands of pages; the Kompendium is usable in practice.
Go deeper:
IT-Grundschutz-Kompendium (BSI) — Zeigt den festen Bausteinaufbau (Beschreibung, Gefährdungslage, Anforderungen, Kreuzreferenztabelle).