A document has been published, "Maturity and implementation level assessment within the framework of the verification test" (RUN), specifying how maturity and implementation levels are assessed.
It applies in the context of the §8a BSIG verification test; the new criteria create more transparency and standardize the provision of evidence to GE BSI.
An overview follows.
Overview
Current KRITIS certificates already include an assessment of the maturity levels of security management systems (ISMS) and business continuity management systems (BCMS).
They also include the level of implementation of the attack detection systems used, which is assessed in each case by the auditing body.
In connection with the newly introduced method for determining maturity and implementation levels, subject areas are added for which the respective implementation level will also be determined in the future as part of the evidence to be provided on a regular basis.
The areas added are: Organizational Measures (OrgM), Person-related Measures (PerM), Physical Measures (PhyM) and Technical Measures (TecM).
Some concrete measures are assigned to the new topic areas, leaving scope for individual or sector-specific adjustments.
With the introduction of RUN, GE BSI aims to offer operators and inspecting bodies a uniform basis for evaluation and to specifically identify areas where action is needed.
Effectiveness
The new requirements apply to audits ending after Apr. 1, 2025.