Federal Office for Information Security Act (BSI Act)
The BSI Act regulates the tasks and powers of the BSI (Federal Office for Information Security) as the supervisory and notification authority for IT security compliance among operators of critical infrastructures.
IT Security Act (IT-SiG)
The IT-SiG aims to improve IT security in companies and government administration, as well as among citizens using the internet. It describes measures and methods for this purpose.
BSI Critical Infrastructure Ordinance (BSI-KritisV)
The BSI Critical Infrastructure Ordinance regulates which companies in the critical infrastructure sectors are subject to the IT Security Act and defines the asset categories and thresholds for this purpose.
ISO/IEC 27000 series
The ISO/IEC 27000 series (also known as the ISO/IEC 27000 family, or ISO27k for short) describes standards for security procedures in information technology: how they can be introduced in a management system, which requirements must be met prior to certification, and which measures are necessary and useful to achieve the goals.
- ISO 27001 and 27002: General rules and measures
- ISO 27011: Special rules for the telecommunications industry
- ISO 27019: Special rules for the energy sector
- ISO 27033: Special rules for network security
- ISO 27701: Special rules for data protection
Section 25a Banking Act (KWG)
This section contains the basic principle of information security. It is a provision for the financial services industry, provided it is regulated by the Federal Financial Supervisory Authority (BaFin).
TISAX® / VDA ISA
Trusted Information Security Assessment Exchange: the standard for information security within the automotive industry to unify standards in value chains.