Grundschutz++ IT-Grundschutz taken further
998 requirements across 20 thematic practices. Interactive migration from the BSI Kompendium 2023. Full data sovereignty through self-hosting.
Requirements
Practices
BSI modules mappable
Explorer dimensions
The fundamentals
What is Grundschutz++?
Grundschutz++ is a modern compliance management system that evolves classic BSI IT-Grundschutz. Instead of 111 modules across 10 layers, Grundschutz++ offers 998 requirements organised into 20 thematic practices – more practical, more detailed and more flexible.
-
Practice-oriented
-
20 thematic practices instead of abstract modules. Directly actionable and tailored to real security requirements.
-
Migration path
-
An interactive migration path from the BSI Kompendium 2023. See at a glance which practices are already covered.
-
In-depth
-
A 7-dimensional explorer with a statistics dashboard. Filter by modal verb, security level, effort and more.
-
Self-hosted
-
Full data sovereignty. Docker-based deployment with automatic sync of the BSI data.
Kompendium 2023 vs. Grundschutz++
What changes and why it is better
BSI Kompendium 2023
- 111 modules across 10 layers
- Module-oriented structure
- ISMS, ORP, CON, OPS, DER, APP, SYS, IND, NET, INF
- Static PDF documentation
- Manual assignment to target objects
- No interactive analysis
Grundschutz++
New- 998 requirements in 20 practices
- Thematically organised structure
- Bidirectional mapping to all 111 modules
- Interactive 7-dimensional explorer
- Automatic sync from BSI GitHub (OSCAL)
- Full-text search, CSV export, dashboard
The framework
20 thematic practices
Grundschutz++ organises IT security into 20 practical practices – from governance to technical operations. Each practice bundles the relevant requirements thematically.
Governance and compliance
Steering the ISMS, roles, policies and compliance
Structure management
Structure analysis and modelling of the information domain
Implementing controls
Planning and implementation of security controls
Improvement
Continual improvement of the security level
Performance and metrics
Measuring effectiveness through metrics
Risk management
Identification, assessment and treatment of risks
Asset management
Inventory and classification of assets
Personnel management
Personnel security across the employment lifecycle
Procurement
Security requirements in procurement
Service provider management
Assessment and steering of service providers (supply chain)
Test and change management
Change and test management for systems
Buildings and infrastructure
Physical security of buildings and infrastructure
Awareness
Awareness and training of employees
Architecture and network security
Secure architecture, segmentation and network security
Access management
Identity and access management
Emergency management
Emergency preparedness, BCM and recovery
Detection
Detection of security-relevant events (monitoring/SIEM)
Incident response
Incident response and handling
Configuration management
Secure configuration and hardening
Secure development
Security by design in development and maintenance
A smooth transition
Migration from the Kompendium 2023
Already working with BSI IT-Grundschutz? Grundschutz++ offers an interactive migration path: select the modules you have already implemented from the Kompendium 2023 and instantly see which Grundschutz++ practices are already covered.
- Bidirectional mapping between the 111 BSI modules and 20 practices
- Confidence-weighted cross-reference for precise translation
- Automatic gap detection: what is covered, what is still missing?
- JSON import/export for existing compliance documentation
How the migration works
Select modules
Select the BSI modules you have already implemented from the Kompendium 2023
Analyse the mapping
See the automatic mapping to Grundschutz++ practices
Identify gaps
Spot the missing areas and plan their implementation
Implement & document
Close the gaps with structured documentation
Our services
End-to-end support for Grundschutz++
From the initial analysis to ongoing operation – we guide you through every phase.
Gap analysis
Assessment of your current security level against Grundschutz++
- As-is assessment
- Maturity rating per practice
- Prioritised action list
Migration
Structured transition from the Kompendium 2023 to Grundschutz++
- Module-to-practice mapping
- Gap identification
- Migration schedule
Implementation
Setup and configuration of your Grundschutz++ system
- Docker deployment
- Tenant setup
- BSI data integration
Compliance checks
Conducting and documenting your security checks
- Structured assessments
- Document management
- Progress tracking
Training
Training your staff in the use of Grundschutz++
- Admin training
- User training
- Best-practice workshops
Ongoing support
Continuous support and further development
- Update management
- Requirements sync
- Expert advice
Why DLAU for Grundschutz++?
Developer expertise
Grundschutz++ was conceived and developed by DLAU
BSI know-how
Years of experience with IT-Grundschutz and the BSI methodology
Field-proven
In use at organisations in the public and private sector
Full control
Self-hosted with Docker – your data stays with you
Want to get to know Grundschutz++?
Let us show you Grundschutz++ in a personal demo. We advise you on migration and on the optimal setup for your organisation.
Related: IT security standards · NIS2 · Our services