
BSI IT-Grundschutz Compendium

Comprehensive German cybersecurity methodology from the Federal Office for Information Security (BSI). Covers 111 modules across process, system, network, application, infrastructure, operations, and detection/response layers. Widely adopted across German government, critical infrastructure, and enterprise.

AC Access Control

| Control | Name | BSI IT-Grundschutz References |
|---|---|---|
| AC-01 | Access Control Policies and Procedures | ORP.4 |
| AC-02 | Account Management | OPS.1.1.2, ORP.4 |
| AC-03 | Access Enforcement | ORP.4, SYS.1.1, SYS.2.1 |
| AC-04 | Information Flow Enforcement | NET.1.1, ORP.4 |
| AC-05 | Separation Of Duties | OPS.1.1.2, ORP.1, ORP.4 |
| AC-06 | Least Privilege | OPS.1.1.2, ORP.4 |
| AC-07 | Unsuccessful Login Attempts | ORP.4 |
| AC-08 | System Use Notification | ORP.4 |
| AC-09 | Previous Logon Notification | ORP.4 |
| AC-10 | Concurrent Session Control | ORP.4 |
| AC-11 | Session Lock | ORP.4 |
| AC-12 | Session Termination | ORP.4 |
| AC-13 | Supervision And Review -- Access Control | ORP.4 |
| AC-14 | Permitted Actions Without Identification Or Authentication | ORP.4 |
| AC-15 | Automated Marking | ORP.4 |
| AC-16 | Automated Labeling | ORP.4 |
| AC-17 | Remote Access | CON.7, OPS.1.2.4, ORP.4 |
| AC-18 | Wireless Access Restrictions | ORP.4 |
| AC-19 | Access Control For Portable And Mobile Devices | CON.7, ORP.4 |
| AC-20 | Use Of External Information Systems | ORP.4 |
| AC-21 | Information Sharing | ORP.4 |
| AC-22 | Publicly Accessible Content | ORP.4 |
| AC-23 | Data Mining Protection | ORP.4 |
| AC-24 | Access Control Decisions | ORP.4 |
| AC-25 | Reference Monitor | ORP.4 |

AT Awareness and Training

| Control | Name | BSI IT-Grundschutz References |
|---|---|---|
| AT-01 | Security Awareness And Training Policy And Procedures | ORP.2, ORP.3 |
| AT-02 | Security Awareness | ORP.2, ORP.3 |
| AT-03 | Security Training | ORP.2, ORP.3 |
| AT-04 | Security Training Records | ORP.2, ORP.3 |
| AT-06 | Training Feedback | ORP.3 |

AU Audit and Accountability

| Control | Name | BSI IT-Grundschutz References |
|---|---|---|
| AU-01 | Audit And Accountability Policy And Procedures | OPS.1.1.5 |
| AU-02 | Auditable Events | OPS.1.1.5 |
| AU-03 | Content Of Audit Records | OPS.1.1.5 |
| AU-04 | Audit Storage Capacity | OPS.1.1.5 |
| AU-05 | Response To Audit Processing Failures | OPS.1.1.5 |
| AU-06 | Audit Monitoring, Analysis, And Reporting | DER.1, OPS.1.1.5 |
| AU-07 | Audit Reduction And Report Generation | OPS.1.1.5 |
| AU-08 | Time Stamps | OPS.1.1.5 |
| AU-09 | Protection Of Audit Information | OPS.1.1.5 |
| AU-10 | Non-Repudiation | OPS.1.1.5 |
| AU-11 | Audit Record Retention | OPS.1.1.5 |
| AU-12 | Audit Record Generation | OPS.1.1.5 |

CA Security Assessment and Authorization

| Control | Name | BSI IT-Grundschutz References |
|---|---|---|
| CA-02 | Security Assessments | ORP.5 |
| CA-07 | Continuous Monitoring | DER.1 |
| CA-09 | Internal System Connections | ORP.5 |

CM Configuration Management

| Control | Name | BSI IT-Grundschutz References |
|---|---|---|
| CM-02 | Baseline Configuration | NET.1.2, NET.3.1, SYS.1.1, SYS.2.1 |
| CM-03 | Configuration Change Control | OPS.1.1.2, OPS.1.1.3 |
| CM-04 | Monitoring Configuration Changes | OPS.1.1.3, OPS.1.1.6 |
| CM-05 | Access Restrictions For Change | OPS.1.1.2 |
| CM-06 | Configuration Settings | APP.1.1, NET.1.2, NET.3.1, SYS.1.1, SYS.2.1 |
| CM-07 | Least Functionality | APP.1.1, NET.1.2, NET.3.1, SYS.1.1, SYS.2.1 |
| CM-12 | Information Location | NET.1.2 |
| CM-14 | Signed Components | NET.3.1, OPS.1.1.3, SYS.1.1 |

CP Contingency Planning

| Control | Name | BSI IT-Grundschutz References |
|---|---|---|
| CP-01 | Contingency Planning Policy And Procedures | DER.4 |
| CP-02 | Contingency Plan | DER.4 |
| CP-03 | Contingency Training | DER.4 |
| CP-04 | Contingency Plan Testing And Exercises | DER.4 |
| CP-05 | Contingency Plan Update | DER.4 |
| CP-06 | Alternate Storage Site | CON.3, DER.4 |
| CP-07 | Alternate Processing Site | DER.4 |
| CP-08 | Telecommunications Services | DER.4 |
| CP-09 | Information System Backup | CON.3, DER.4 |
| CP-10 | Information System Recovery And Reconstitution | DER.4 |
| CP-11 | Alternate Communications Protocols | DER.4 |
| CP-12 | Safe Mode | DER.4 |
| CP-13 | Alternative Security Mechanisms | DER.4 |

IA Identification and Authentication

| Control | Name | BSI IT-Grundschutz References |
|---|---|---|
| IA-01 | Identification And Authentication Policy And Procedures | ORP.4 |
| IA-02 | User Identification And Authentication | ORP.4 |
| IA-03 | Device Identification And Authentication | ORP.4 |
| IA-04 | Identifier Management | ORP.4 |
| IA-05 | Authenticator Management | ORP.4 |
| IA-06 | Authenticator Feedback | ORP.4 |
| IA-07 | Cryptographic Module Authentication | ORP.4 |
| IA-08 | Identification and Authentication (Non-Organizational Users) | ORP.4 |
| IA-09 | Service Identification and Authentication | ORP.4 |
| IA-10 | Adaptive Authentication | ORP.4 |
| IA-11 | Re-authentication | ORP.4 |
| IA-12 | Identity Proofing | ORP.4 |

IR Incident Response

| Control | Name | BSI IT-Grundschutz References |
|---|---|---|
| IR-01 | Incident Response Policy And Procedures | DER.2.1 |
| IR-04 | Incident Handling | DER.2.1 |
| IR-05 | Incident Monitoring | DER.1, DER.2.1 |
| IR-06 | Incident Reporting | DER.2.1 |
| IR-08 | Incident Response Plan | DER.2.1 |
| IR-09 | Information Spillage Response | DER.2.1 |

MA Maintenance

| Control | Name | BSI IT-Grundschutz References |
|---|---|---|
| MA-04 | Remote Maintenance | OPS.1.2.5 |
| MA-07 | Field Maintenance | OPS.1.2.5 |

MP Media Protection

| Control | Name | BSI IT-Grundschutz References |
|---|---|---|
| MP-06 | Media Sanitization And Disposal | CON.6 |
| MP-08 | Media Downgrading | CON.6 |

PE Physical and Environmental Protection

| Control | Name | BSI IT-Grundschutz References |
|---|---|---|
| PE-01 | Physical And Environmental Protection Policy And Procedures | INF.1, INF.2 |
| PE-02 | Physical Access Authorizations | INF.1, INF.2 |
| PE-03 | Physical Access Control | INF.1, INF.2 |
| PE-04 | Access Control For Transmission Medium | INF.1, INF.2 |
| PE-05 | Access Control For Display Medium | INF.1, INF.2 |
| PE-06 | Monitoring Physical Access | INF.1, INF.2 |
| PE-07 | Visitor Control | INF.1, INF.2 |
| PE-08 | Access Records | INF.1, INF.2 |
| PE-09 | Power Equipment And Power Cabling | INF.1, INF.2 |
| PE-10 | Emergency Shutoff | INF.1, INF.2 |
| PE-11 | Emergency Power | INF.1, INF.2 |
| PE-12 | Emergency Lighting | INF.1, INF.2 |
| PE-13 | Fire Protection | INF.1, INF.2 |
| PE-14 | Temperature And Humidity Controls | INF.1, INF.2 |
| PE-15 | Water Damage Protection | INF.1, INF.2 |
| PE-16 | Delivery And Removal | INF.1, INF.2 |
| PE-17 | Alternate Work Site | CON.7, INF.1, INF.2, OPS.1.2.4 |
| PE-18 | Location Of Information System Components | INF.1, INF.2 |
| PE-21 | Electromagnetic Pulse Protection | INF.1, INF.2 |
| PE-22 | Component Marking | INF.1, INF.2 |
| PE-23 | Facility Location | INF.1, INF.2 |

PL Planning

| Control | Name | BSI IT-Grundschutz References |
|---|---|---|
| PL-01 | Security Planning Policy And Procedures | ORP.1 |
| PL-04 | Rules Of Behavior | ORP.5 |
| PL-08 | Security and Privacy Architectures | NET.1.1 |
| PL-09 | Central Management | ISMS.1, ORP.1 |
| PL-10 | Baseline Selection | ISMS.1 |
| PL-11 | Baseline Tailoring | ISMS.1 |

PM Program Management

| Control | Name | BSI IT-Grundschutz References |
|---|---|---|
| PM-01 | Information Security Program Plan | ISMS.1, ORP.1, ORP.5 |
| PM-02 | Information Security Program Leadership Role | ISMS.1, ORP.1 |
| PM-03 | Information Security and Privacy Resources | ISMS.1 |
| PM-06 | Measures of Performance | ISMS.1 |
| PM-09 | Risk Management Strategy | ISMS.1 |
| PM-13 | Security and Privacy Workforce | ORP.2, ORP.3 |
| PM-14 | Testing, Training, and Monitoring | ORP.3 |
| PM-25 | Minimization of Personally Identifiable Information Used in Testing, Training, and Research | CON.2 |
| PM-26 | Complaint Management | CON.2 |
| PM-27 | Privacy Reporting | CON.2 |

PS Personnel Security

| Control | Name | BSI IT-Grundschutz References |
|---|---|---|
| PS-01 | Personnel Security Policy And Procedures | ORP.2 |
| PS-02 | Position Categorization | ORP.2 |
| PS-03 | Personnel Screening | ORP.2 |
| PS-04 | Personnel Termination | ORP.2 |
| PS-05 | Personnel Transfer | ORP.2 |
| PS-06 | Access Agreements | ORP.2 |
| PS-07 | Third-Party Personnel Security | ORP.2 |
| PS-08 | Personnel Sanctions | ORP.2 |
| PS-09 | Position Descriptions | OPS.1.1.2, ORP.2 |

PT Personally Identifiable Information Processing and Transparency

| Control | Name | BSI IT-Grundschutz References |
|---|---|---|
| PT-01 | Policy and Procedures | CON.2 |
| PT-02 | Authority to Process Personally Identifiable Information | CON.2 |
| PT-03 | Personally Identifiable Information Processing Purposes | CON.2 |
| PT-04 | Consent | CON.2 |
| PT-05 | Privacy Notice | CON.2 |
| PT-06 | System of Records Notice | CON.2 |
| PT-07 | Specific Categories of Personally Identifiable Information | CON.2 |
| PT-08 | Computer Matching Requirements | CON.2 |

SA System and Services Acquisition

| Control | Name | BSI IT-Grundschutz References |
|---|---|---|
| SA-04 | Acquisitions | ORP.5 |
| SA-11 | Developer Security Testing | APP.3.1, OPS.1.1.6 |
| SA-20 | Customized Development of Critical Components | OPS.1.1.6 |
| SA-23 | Specialization | APP.3.1 |

SC System and Communications Protection

| Control | Name | BSI IT-Grundschutz References |
|---|---|---|
| SC-07 | Boundary Protection | APP.3.1, NET.1.1, NET.1.2, NET.3.1 |
| SC-08 | Transmission Integrity | APP.3.1, CON.1 |
| SC-12 | Cryptographic Key Establishment And Management | CON.1 |
| SC-13 | Use Of Cryptography | CON.1 |
| SC-18 | Mobile Code | APP.1.1 |
| SC-28 | Protection of Information at Rest | CON.1, CON.7, OPS.1.2.4, SYS.2.1 |
| SC-32 | System Partitioning | NET.1.1 |
| SC-38 | Operations Security | CON.1 |
| SC-41 | Port and I/O Device Access | NET.3.1 |
| SC-42 | Sensor Capability and Data | CON.7, OPS.1.2.4, SYS.2.1 |
| SC-44 | Detonation Chambers | APP.1.1, OPS.1.1.4 |
| SC-46 | Cross Domain Policy Enforcement | NET.1.1 |
| SC-47 | Alternate Communications Paths | NET.1.1 |
| SC-48 | Sensor Relocation | DER.1 |

SI System and Information Integrity

| Control | Name | BSI IT-Grundschutz References |
|---|---|---|
| SI-02 | Flaw Remediation | OPS.1.1.3, SYS.1.1, SYS.2.1 |
| SI-03 | Malicious Code Protection | APP.1.1, OPS.1.1.4 |
| SI-04 | Information System Monitoring Tools And Techniques | DER.1 |
| SI-08 | Spam Protection | OPS.1.1.4 |
| SI-10 | Information Accuracy, Completeness, Validity, And Authenticity | APP.3.1 |
| SI-12 | Information Output Handling And Retention | CON.6 |
| SI-13 | Predictable Failure Prevention | DER.4 |
| SI-16 | Memory Protection | OPS.1.1.4, SYS.1.1, SYS.2.1 |
| SI-18 | Personally Identifiable Information Quality Operations | CON.2, CON.6 |
| SI-19 | De-identification | CON.2 |
| SI-20 | Tainting | DER.1, OPS.1.1.5 |
| SI-21 | Information Refresh | APP.3.1 |