i-doit Team, 23 April 2026

BSI IT Baseline Protection: Meaning & Benefits Simply Explained


Table of contents

1. IT Baseline Protection according to BSI for secure IT infrastructures
2. What is BSI Baseline Protection (IT Baseline Protection)?
3. The building blocks of IT Baseline Protection according to BSI
4. Benefits of IT Baseline Protection
5. Current developments: IT-Grundschutz++
6. What does the new BSI standard mean for companies?
7. How do you implement BSI Baseline Protection?
8. Implementing BSI Baseline Protection with i-doit
9. Advantages of i-doit for IT Baseline Protection
10. IT Baseline Protection according to BSI as the basis for your IT security

 

BSI IT Baseline Protection for secure IT infrastructures 

Opinions are not facts, but these evaluations speak a clear language: according to the "Data Theft Study 2025" by EY, 69 per cent of respondents estimate the danger of hacker attacks as "rather high" or "very high". 99 per cent even assume that cyberattacks will increase.

What can be done in view of this threat situation? The IT Baseline Protection developed by the Federal Office for Information Security (BSI) offers you a proven method for protecting IT systems efficiently and comprehensively. It is also referred to as "BSI Baseline Protection". More on that in a moment.

Due to growing requirements and an increased need for protection, the BSI is planning a comprehensive modernisation of IT Baseline Protection. It is to be implemented with a transition phase starting in January 2026.

The aim of the reform is to adapt the standard to current technological developments and threat situations. In addition, it is to undergo continuous updates. In this article, you will learn exactly what IT Baseline Protection is, how it works, and what innovations can be expected in the future.

 

What is BSI Baseline Protection (IT Baseline Protection)? 

"BSI Baseline Protection" refers to IT Baseline Protection (IT-Grundschutz). It is a standard from the BSI that supports companies and organisations in improving their IT security. With its structured approach, it is intended to identify typical security risks.

On this basis, you can take appropriate measures. The goal of IT Baseline Protection is to achieve an appropriate level of security, with one significant constraint: it should do so without excessively complex or expensive solutions.

The basis of IT Baseline Protection—or BSI Baseline Protection—is the regularly updated IT Baseline Protection Compendium. It contains a collection of modules (building blocks) covering typical IT systems, applications, and processes. Each individual module describes potential threats and provides specific recommendations for countermeasures.

 

The building blocks of IT Baseline Protection according to BSI specifications 

IT Baseline Protection is characterised by a systematic, modular approach. This is ideal for identifying security-relevant vulnerabilities and implementing the necessary security measures. In this way, you ensure the confidentiality and integrity of information and data.

The most important building blocks of BSI Baseline Protection include:

1. Organisation and Personnel

This area revolves around organisational measures. These include the definition of responsibilities, the training of employees, and the establishment of security management.

2. Security of Networks and Communication

This is about measures that protect networks and communication channels from unauthorised access—such as firewalls, VPNs, and network segmentation.

3. System and Application Security

This building block includes security measures for servers, operating systems, and applications: including updates, patches, and the configuration of security policies.

4. Emergency Management

IT Baseline Protection places great value on emergency preparation. This includes backup strategies, recovery plans, and regular testing of emergency plans.

 

Benefits of IT Baseline Protection 

The BSI model for IT Baseline Protection is orientated towards the current state of IT technology. When you implement IT Baseline Protection, you benefit from a comprehensive security concept: it takes into account organisational, personnel, and technical facets.

This strengthens information security within an organisation and supports compliance with the requirements for an Information Security Management System (ISMS). For critical infrastructures in particular, IT Baseline Protection is an indispensable tool: it allows sensitive information and systems to be protected in a targeted manner and security incidents to be avoided.

The implementation of IT Baseline Protection brings you numerous advantages:

  • Holistic approach: IT Baseline Protection covers all aspects of IT security, ranging from organisation to technical implementation.
  • Flexibility: Thanks to the modular structure, you can adapt IT Baseline Protection to your specific requirements.
  • Compliance: Numerous legal requirements, such as the GDPR, can be met more easily through IT Baseline Protection.
  • Cost-efficiency: By using proven measures, you can improve your IT security without incurring high costs.

 

Current developments: IT-Grundschutz++

From 1 January 2026, IT Baseline Protection will be modernised through IT-Grundschutz++. This further development aims to adapt the standard to current technological developments and reduce the documentation burden.

These are important innovations of IT-Grundschutz++:

  • Machine-readable format: IT-Grundschutz++ will be provided in a JSON format. This enables automated compliance checks and easier integration into IT systems.
  • Process-orientated structure: The new structure reduces redundancies and facilitates implementation thanks to an object-orientated representation.
  • Performance indicators: A point system enables progress measurement in the categories of confidentiality, integrity, and availability.
  • Expansion to include modern technologies: New modules for cloud security, IoT, and AI are being introduced, ensuring that current threat scenarios are taken into account.

 

What does the new BSI standard mean for companies? 

Companies should use the time until the introduction of IT-Grundschutz++ to optimise their IT security measures based on the current IT Baseline Protection Compendium. This includes identifying the necessary security measures.

A particular highlight of the BSI programme is the possibility of certification according to ISO 27001 on the basis of IT Baseline Protection. Organisations that have implemented BSI IT Baseline Protection not only benefit from increased protection against security incidents but also from effective incident management.

The BSI programme corresponds to the IT Baseline Protection basic training. At the same time, companies can set up an Information Security Management System (ISMS), which facilitates the transition to IT-Grundschutz++.

 

How do you implement BSI Baseline Protection? 

The official BSI certification programme offers various qualification levels for training specialists in the field of IT security. Entry is via the IT Baseline Protection basic training, which concludes with the exam to become an IT Baseline Protection Practitioner. After successful completion, certification with the BSI can be pursued.

The IT Baseline Protection advanced training to become an IT Baseline Protection Consultant builds on this. It provides deeper knowledge and prepares candidates for complex security concepts. These training courses are primarily aimed at IT Security Officers responsible for implementing IT Baseline Protection in their organisation.

The introduction of IT Baseline Protection takes place in several steps:

1. Recording the IT landscape

First, carry out an inventory of existing IT systems, applications, and processes. A Configuration Management Database (CMDB), such as that offered by i-doit, supports you in documenting all relevant information centrally. With a connected discovery solution, you can also automatically transfer new devices into the IT documentation on a regular basis, as well as provide up-to-date proof of installed software, licences, and cabling at any time.

2. Protection requirement analysis

Determine which systems require particular protection. Consider aspects such as confidentiality, integrity, and availability.

3. Selection of modules

Based on the protection requirement analysis, decide on suitable modules (building blocks) from the IT Baseline Protection Compendium. All modules are available as templates for import. BSI Baseline Protection is divided into the module groups ISMS, OR, SYS, APP, NET, INF, OPS, DER, and CON.

4. Implementation of measures

Now, implement the measures described in the compendium. These can be technical, organisational, or personnel measures.

5. Review and further development

Once IT Baseline Protection is implemented, you should regularly review the IT security measures and adapt them to new threats.
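Steps 1 to 3 and the review in step 5 can be expressed as a small data pipeline. The following Python is an added example, not code from i-doit or the BSI. The inventory fields, the three rating levels, the rule that an asset inherits the highest rating of whatever depends on it, and the mapping from asset type to module group are all assumptions made for illustration.

```python
LEVELS = ["normal", "high", "very high"]  # assumed rating scale

# Constructed sample inventory (step 1); field names are hypothetical.
INVENTORY = [
    {"name": "hr-app", "type": "application", "runs_on": ["srv-01"],
     "need": {"C": "very high", "I": "high", "A": "normal"}},
    {"name": "wiki", "type": "application", "runs_on": ["srv-01", "srv-02"],
     "need": {"C": "normal", "I": "normal", "A": "high"}},
    {"name": "srv-01", "type": "server", "runs_on": ["core-sw"]},
    {"name": "srv-02", "type": "server", "runs_on": ["core-sw"]},
    {"name": "core-sw", "type": "network", "runs_on": []},
]

# Assumed mapping from asset type to a module group named in step 3.
GROUP_FOR_TYPE = {"application": "APP", "server": "SYS", "network": "NET"}


def protection_needs(inventory):
    """Step 2: propagate C/I/A ratings from each asset to what it runs on."""
    needs = {a["name"]: dict(a.get("need", dict.fromkeys("CIA", "normal")))
             for a in inventory}
    changed = True
    while changed:  # ratings only rise, so this ends even on multi-level chains
        changed = False
        for asset in inventory:
            own = needs[asset["name"]]
            for dep in asset["runs_on"]:
                for cat in "CIA":
                    if LEVELS.index(own[cat]) > LEVELS.index(needs[dep][cat]):
                        needs[dep][cat] = own[cat]
                        changed = True
    return needs


def select_modules(inventory, needs):
    """Step 3: pick a module group per asset and flag above-normal ratings."""
    return {a["name"]: {"group": GROUP_FOR_TYPE.get(a["type"], "UNMAPPED"),
                        "elevated": any(v != "normal" for v in needs[a["name"]].values())}
            for a in inventory}


def review(plan, implemented):
    """Step 5: elevated assets with no implemented measures recorded yet."""
    return sorted(n for n, p in plan.items() if p["elevated"] and n not in implemented)
```

The core switch ends up with a "very high" confidentiality rating although nobody rated it directly, which is the kind of dependency a flat inventory list hides.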

 

Implementing BSI Baseline Protection with i-doit 

 The implementation of BSI Baseline Protection (IT-Grundschutz) requires precise documentation of the IT infrastructure. This is where i-doit comes in: the i-doit CMDB is a central platform for documenting all IT assets, networks, and applications. With functions such as automated discovery and flexible adaptation to individual requirements, i-doit supports you in efficiently implementing IT Baseline Protection. 

 

Advantages of i-doit for the implementation of IT Baseline Protection 

As an i-doit user, you benefit from the following advantages:

  • Automatic recording: Through network inventory, IT systems are automatically recorded and regularly updated.
  • Central management: All information can be stored in one place, which facilitates analysis and planning.
  • Compliance support: i-doit provides tools specifically tailored to the requirements of IT Baseline Protection and other standards such as ISO 27001.

 

IT Baseline Protection according to BSI as the basis for your IT security 

IT Baseline Protection (BSI-Grundschutz) is an indispensable tool for the systematic protection of your IT infrastructure. With its modular structure and practical recommendations, it forms a solid foundation for protection against cyber threats. In combination with i-doit as a powerful CMDB tool, you can improve your IT security efficiently and sustainably.

Start implementing IT Baseline Protection now! We would be happy to support you.


The i-doit group is the leading software manufacturer for IT documentation, CMDB, ITSM & cabling management, as well as for ISMS, emergency management & data protection. Over 2,000 active customers trust us for their digital resilience.