Grundschutz++: BSI names date for certification from 2027

For over two years now, the BSI has been working on the new version of IT baseline protection. So far, there has been a lot of criticism from practice that crucial questions about implementation remained unanswered – for example, when certification can take place according to the new standard and what will happen with personnel certifications.

The BSI has now resolved these uncertainties on its website: On November 1st, the advanced training for already certified consultants and audit team leaders on the new standard will start. Organizations can mark January 1, 2027, on their calendars. From this cut-off date, certification according to Grundschutz++, which is based on ISO 27001, will be officially available.

Read also

IT-Grundschutz: Radikalster Umbau seit Beginn

The good news for practice continues: The checklists for the “WiBA – Weg in die Basis-Absicherung” (Path to Basic Security), which are highly valued by many, will also be available again. According to the BSI, they are an integral part of baseline protection even in the new version. This means that a comparatively unbureaucratic and simple entry into IT security will remain possible, especially for smaller organizations.

In addition, the authority is sticking to the minimum standards for “selected application areas.” These continue to be primarily aimed at federal institutions (according to BSIG) to ensure a uniform security level there. However, it remains open whether and how these minimum standards will apply to companies falling under the NIS 2 Directive in the future. The BSI has so far left unanswered how the exact audit basis will look in practice.

A significant downside for everyone who wants to familiarize themselves with the subject currently remains the guide to methodology. The linked version remains unchanged at the state of March this year and is still very incomplete.

(mack)