Skip to main content

Grundschutz++ IT-Grundschutz taken further

998 requirements across 20 thematic practices. Interactive migration from the BSI Kompendium 2023. Full data sovereignty through self-hosting.

998

Requirements

20

Practices

111

BSI modules mappable

7

Explorer dimensions

The fundamentals

What is Grundschutz++?

Grundschutz++ is a modern compliance management system that evolves classic BSI IT-Grundschutz. Instead of 111 modules across 10 layers, Grundschutz++ offers 998 requirements organised into 20 thematic practices – more practical, more detailed and more flexible.

Practice-oriented

20 thematic practices instead of abstract modules. Directly actionable and tailored to real security requirements.

Migration path

An interactive migration path from the BSI Kompendium 2023. See at a glance which practices are already covered.

In-depth

A 7-dimensional explorer with a statistics dashboard. Filter by modal verb, security level, effort and more.

Self-hosted

Full data sovereignty. Docker-based deployment with automatic sync of the BSI data.

Kompendium 2023 vs. Grundschutz++

What changes and why it is better

BSI Kompendium 2023

  • 111 modules across 10 layers
  • Module-oriented structure
  • ISMS, ORP, CON, OPS, DER, APP, SYS, IND, NET, INF
  • Static PDF documentation
  • Manual assignment to target objects
  • No interactive analysis

Grundschutz++

New
  • 998 requirements in 20 practices
  • Thematically organised structure
  • Bidirectional mapping to all 111 modules
  • Interactive 7-dimensional explorer
  • Automatic sync from BSI GitHub (OSCAL)
  • Full-text search, CSV export, dashboard

The framework

20 thematic practices

Grundschutz++ organises IT security into 20 practical practices – from governance to technical operations. Each practice bundles the relevant requirements thematically.

GC

Governance and compliance

Steering the ISMS, roles, policies and compliance

STM

Structure management

Structure analysis and modelling of the information domain

UMS

Implementing controls

Planning and implementation of security controls

VRB

Improvement

Continual improvement of the security level

PERF

Performance and metrics

Measuring effectiveness through metrics

RISK

Risk management

Identification, assessment and treatment of risks

ASST

Asset management

Inventory and classification of assets

PERS

Personnel management

Personnel security across the employment lifecycle

BES

Procurement

Security requirements in procurement

DLS

Service provider management

Assessment and steering of service providers (supply chain)

TEST

Test and change management

Change and test management for systems

GEB

Buildings and infrastructure

Physical security of buildings and infrastructure

SENS

Awareness

Awareness and training of employees

ARCH

Architecture and network security

Secure architecture, segmentation and network security

BER

Access management

Identity and access management

NOT

Emergency management

Emergency preparedness, BCM and recovery

DET

Detection

Detection of security-relevant events (monitoring/SIEM)

REA

Incident response

Incident response and handling

KONF

Configuration management

Secure configuration and hardening

DEV

Secure development

Security by design in development and maintenance

A smooth transition

Migration from the Kompendium 2023

Already working with BSI IT-Grundschutz? Grundschutz++ offers an interactive migration path: select the modules you have already implemented from the Kompendium 2023 and instantly see which Grundschutz++ practices are already covered.

  • Bidirectional mapping between the 111 BSI modules and 20 practices
  • Confidence-weighted cross-reference for precise translation
  • Automatic gap detection: what is covered, what is still missing?
  • JSON import/export for existing compliance documentation

How the migration works

1

Select modules

Select the BSI modules you have already implemented from the Kompendium 2023

2

Analyse the mapping

See the automatic mapping to Grundschutz++ practices

3

Identify gaps

Spot the missing areas and plan their implementation

4

Implement & document

Close the gaps with structured documentation

Our services

End-to-end support for Grundschutz++

From the initial analysis to ongoing operation – we guide you through every phase.

Gap analysis

Assessment of your current security level against Grundschutz++

  • As-is assessment
  • Maturity rating per practice
  • Prioritised action list

Migration

Structured transition from the Kompendium 2023 to Grundschutz++

  • Module-to-practice mapping
  • Gap identification
  • Migration schedule

Implementation

Setup and configuration of your Grundschutz++ system

  • Docker deployment
  • Tenant setup
  • BSI data integration

Compliance checks

Conducting and documenting your security checks

  • Structured assessments
  • Document management
  • Progress tracking

Training

Training your staff in the use of Grundschutz++

  • Admin training
  • User training
  • Best-practice workshops

Ongoing support

Continuous support and further development

  • Update management
  • Requirements sync
  • Expert advice

Why DLAU for Grundschutz++?

Developer expertise

Grundschutz++ was conceived and developed by DLAU

BSI know-how

Years of experience with IT-Grundschutz and the BSI methodology

Field-proven

In use at organisations in the public and private sector

Full control

Self-hosted with Docker – your data stays with you

Want to get to know Grundschutz++?

Let us show you Grundschutz++ in a personal demo. We advise you on migration and on the optimal setup for your organisation.

Related: IT security standards · NIS2 · Our services