NIST CSF 2.0 → BSI IT-Grundschutz Mapping
Cross-reference mapping between NIST Cybersecurity Framework 2.0 subcategories and BSI IT-Grundschutz building blocks.
This page maps NIST Cybersecurity Framework 2.0 subcategories to BSI IT-Grundschutz building blocks. NIST CSF 2.0 provides a taxonomy of cybersecurity outcomes across six core functions: Govern, Identify, Protect, Detect, Respond, and Recover.
DE.AE-02
Potentially adverse events are analyzed to better characterize the events
DE.AE-03
Information is correlated from multiple sources
DE.AE-04
The estimated impact and scope of adverse events are understood
DE.AE-06
Information on adverse events is provided to authorized staff and tools
DE.AE-07
Cyber threat intelligence and other contextual information are integrated into the analysis of adverse events
DE.CM-01
Networks and network services are monitored to find potentially adverse events
DE.CM-02
The physical environment is monitored to find potentially adverse events
DE.CM-03
Personnel activity and technology usage are monitored to find potentially adverse events
DE.CM-06
External service provider activities and services are monitored to find potentially adverse events
DE.CM-09
Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events
GV.OC-01
The organizational mission is understood and informs cybersecurity risk management
GV.OC-03
Legal, regulatory, and contractual requirements regarding cybersecurity — including privacy and civil liberties obligations — are understood and managed
GV.OV-01
Cybersecurity risk management strategy outcomes are reviewed to inform and adjust strategy and direction
GV.OV-02
The cybersecurity risk management strategy is reviewed and adjusted to ensure its continued utility
GV.PO-01
Policy for managing cybersecurity risks is established
GV.PO-02
Policy for managing cybersecurity risks is reviewed, updated, communicated, and enforced
GV.RM-01
Risk management objectives are established and agreed to by organizational stakeholders
GV.RM-06
A standardized process for communicating cybersecurity risks is established and used
GV.RR-01
Organizational leadership is responsible and accountable for cybersecurity risk
GV.RR-02
Roles, responsibilities, and authorities related to cybersecurity risk management are established
GV.SC-01
A cybersecurity supply chain risk management program, strategy, objectives, policies, and processes are established and agreed to by organizational stakeholders
GV.SC-03
Cybersecurity supply chain risk management is integrated into cybersecurity and enterprise risk management, risk assessment, and improvement processes
GV.SC-04
Suppliers are known and prioritized by criticality
GV.SC-05
Requirements to address cybersecurity risks in supply chains are established
GV.SC-06
Planning and due diligence are performed to reduce risks before entering into formal supplier or other third-party relationships
GV.SC-07
Risks posed by suppliers, their products and services, and other third parties are understood
GV.SC-09
Supply chain security practices are integrated into cybersecurity and enterprise risk management programs
GV.SC-10
Cybersecurity supply chain risk management plans include provisions for activities that occur after the conclusion of a partnership or service agreement
ID.AM-01
Inventories of hardware managed by the organization are maintained
ID.AM-02
Inventories of software, services, and systems managed by the organization are maintained
ID.AM-03
Representations of the organization's authorized network communication and internal and external network data flows are maintained
ID.AM-05
Assets are prioritized based on classification, criticality, resources, and impact on the mission
ID.IM-01
Improvements are identified from evaluations
ID.IM-02
Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties
ID.IM-03
Improvements are identified from execution of operational processes and procedures
ID.RA-01
Vulnerabilities in assets are identified, validated, and recorded
ID.RA-03
Internal and external threats to the organization are identified and recorded
PR.AA-01
Identities and credentials for authorized users, services, and hardware are managed by the organization
PR.AA-02
Identities are proofed and bound to credentials based on the context of interactions
PR.AA-03
Users, services, and hardware are authenticated
PR.AA-05
Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed
APP.1.2
APP.1.2 Web Browsers
APP.2.1
APP.2.1 General Directory Service
APP.2.3
APP.2.3 OpenLDAP
APP.3.1
APP.3.1 Web Applications and Web Services
APP.4.2
APP.4.2 SAP ERP System
CON.7
CON.7 Information Security during International Travel
ORP.2
ORP.2 Personnel
ORP.4
ORP.4 Identity and Access Management
SYS.3.1
SYS.3.1 Laptops
SYS.3.2.1
SYS.3.2.1 General Smartphones and Tablets
SYS.3.2.2
SYS.3.2.2 Mobile Device Management (MDM)
SYS.3.2.3
SYS.3.2.3 iOS (for Enterprise)
SYS.3.2.4
SYS.3.2.4 Android
SYS.3.3
SYS.3.3 Mobile Phone
SYS.4.5
SYS.4.5 Removable Storage Media
PR.AA-06
Physical access to assets is managed, monitored, and enforced commensurate with risk
INF.1
INF.1 General Building
INF.10
INF.10 Meeting, Event, and Training Rooms
INF.2
INF.2 Data Center and Server Room
INF.5
INF.5 Room and Cabinet for Technical Infrastructure
INF.6
INF.6 Storage Media Archive
INF.7
INF.7 Office Workplace
INF.8
INF.8 Home Workplace
INF.9
INF.9 Mobile Workplace
ORP.4
ORP.4 Identity and Access Management
PR.AT-01
Personnel are provided with awareness and training so that they possess the knowledge and skills to perform general tasks with cybersecurity risks in mind
PR.AT-02
Individuals in specialized roles are provided with awareness and training so that they possess the knowledge and skills to perform relevant tasks
PR.DS-01
The confidentiality, integrity, and availability of data-at-rest are protected
PR.DS-02
The confidentiality, integrity, and availability of data-in-transit are protected
APP.1.4
APP.1.4 Mobile Applications (Apps)
APP.3.1
APP.3.1 Web Applications and Web Services
APP.3.2
APP.3.2 Web Servers
APP.3.3
APP.3.3 File Servers
APP.3.4
APP.3.4 Samba
APP.3.6
APP.3.6 DNS Server
APP.5.3
APP.5.3 General Email Client and Server
APP.5.4
APP.5.4 Unified Communications and Collaboration (UCC)
CON.1
CON.1 Cryptographic Concept
CON.6
CON.6 Deletion and Destruction
CON.7
CON.7 Information Security during International Travel
NET.2.1
NET.2.1 WLAN Operation
NET.2.2
NET.2.2 WLAN Use
NET.3.3
NET.3.3 VPN
NET.4.1
NET.4.1 PBX Systems
NET.4.2
NET.4.2 VoIP
NET.4.3
NET.4.3 Fax Machines and Fax Servers
PR.DS-03
Assets are formally managed throughout removal, transfers, and disposition
PR.DS-10
The confidentiality, integrity, and availability of data-in-use are protected
PR.DS-11
Backups of data are created, protected, maintained, and tested
PR.IR-01
Networks and environments are protected from unauthorized logical access and usage
APP.3.6
APP.3.6 DNS Server
CON.7
CON.7 Information Security during International Travel
IND.1
IND.1 Process Control and Automation Technology
IND.2.1
IND.2.1 General ICS Component
IND.2.2
IND.2.2 Programmable Logic Controller (PLC)
IND.2.3
IND.2.3 Sensors and Actuators
IND.2.7
IND.2.7 Safety Instrumented Systems
IND.3.2
IND.3.2 Remote Maintenance in Industrial Environments
NET.1.1
NET.1.1 Network Architecture and Design
NET.1.2
NET.1.2 Network Management
NET.2.1
NET.2.1 WLAN Operation
NET.2.2
NET.2.2 WLAN Use
NET.3.1
NET.3.1 Routers and Switches
NET.3.2
NET.3.2 Firewall
NET.3.3
NET.3.3 VPN
NET.3.4
NET.3.4 Network Access Control
NET.4.1
NET.4.1 PBX Systems
NET.4.2
NET.4.2 VoIP
NET.4.3
NET.4.3 Fax Machines and Fax Servers
OPS.1.2.2
OPS.1.2.2 Archiving
OPS.1.2.6
OPS.1.2.6 NTP Time Synchronization
OPS.2.2
OPS.2.2 Cloud Use
SYS.1.2.2
SYS.1.2.2 Windows Server 2012
SYS.1.5
SYS.1.5 Virtualization
SYS.1.6
SYS.1.6 Containerization
SYS.4.1
SYS.4.1 Printers, Copiers, and Multifunction Devices
PR.IR-02
Mechanisms to achieve resilience requirements are implemented
IND.3.2
IND.3.2 Remote Maintenance in Industrial Environments
INF.1
INF.1 General Building
INF.12
INF.12 Cabling
INF.13
INF.13 Technical Building Management
INF.14
INF.14 Building Automation
INF.2
INF.2 Data Center and Server Room
INF.5
INF.5 Room and Cabinet for Technical Infrastructure
NET.1.1
NET.1.1 Network Architecture and Design
SYS.1.8
SYS.1.8 Storage Solutions
PR.IR-03
The organization's communications and technology infrastructure is prepared for impairment or failures
PR.IR-04
Adequate resource capacity to ensure availability is maintained
PR.PS-01
Configuration management practices are established and applied
APP.4.2
APP.4.2 SAP ERP System
APP.4.4
APP.4.4 Kubernetes
IND.2.1
IND.2.1 General ICS Component
IND.2.2
IND.2.2 Programmable Logic Controller (PLC)
IND.2.3
IND.2.3 Sensors and Actuators
IND.2.4
IND.2.4 Machine
IND.2.7
IND.2.7 Safety Instrumented Systems
NET.1.2
NET.1.2 Network Management
NET.3.1
NET.3.1 Routers and Switches
OPS.1.1.1
OPS.1.1.1 General IT Operations
OPS.1.2.6
OPS.1.2.6 NTP Time Synchronization
SYS.1.1
SYS.1.1 General Server
SYS.1.2.2
SYS.1.2.2 Windows Server 2012
SYS.1.2.3
SYS.1.2.3 Windows Server
SYS.1.3
SYS.1.3 Servers Running Linux and Unix
SYS.1.5
SYS.1.5 Virtualization
SYS.1.6
SYS.1.6 Containerization
SYS.1.7
SYS.1.7 IBM Z
SYS.1.8
SYS.1.8 Storage Solutions
SYS.1.9
SYS.1.9 Terminal Server
SYS.2.1
SYS.2.1 General Client
SYS.2.2.3
SYS.2.2.3 Clients Running Windows
SYS.2.3
SYS.2.3 Clients Running Linux and Unix
SYS.2.4
SYS.2.4 Clients Running macOS
SYS.2.5
SYS.2.5 Client Virtualization
SYS.2.6
SYS.2.6 Virtual Desktop Infrastructure
SYS.3.1
SYS.3.1 Laptops
SYS.3.2.1
SYS.3.2.1 General Smartphones and Tablets
SYS.3.2.2
SYS.3.2.2 Mobile Device Management (MDM)
SYS.3.2.3
SYS.3.2.3 iOS (for Enterprise)
SYS.3.2.4
SYS.3.2.4 Android
SYS.3.3
SYS.3.3 Mobile Phone
SYS.4.1
SYS.4.1 Printers, Copiers, and Multifunction Devices
SYS.4.3
SYS.4.3 Embedded Systems
SYS.4.4
SYS.4.4 General IoT Device
SYS.4.5
SYS.4.5 Removable Storage Media
PR.PS-02
Software is maintained, replaced, and removed commensurate with risk
APP.1.1
APP.1.1 Office Products
APP.1.2
APP.1.2 Web Browsers
APP.5.2
APP.5.2 Microsoft Exchange and Outlook
APP.5.4
APP.5.4 Unified Communications and Collaboration (UCC)
APP.6
APP.6 General Software
OPS.1.1.1
OPS.1.1.1 General IT Operations
OPS.1.1.2
OPS.1.1.2 Proper IT Administration
OPS.1.1.4
OPS.1.1.4 Protection Against Malware
SYS.1.1
SYS.1.1 General Server
SYS.1.2.2
SYS.1.2.2 Windows Server 2012
SYS.1.2.3
SYS.1.2.3 Windows Server
SYS.1.3
SYS.1.3 Servers Running Linux and Unix
SYS.1.7
SYS.1.7 IBM Z
SYS.2.1
SYS.2.1 General Client
SYS.2.2.3
SYS.2.2.3 Clients Running Windows
SYS.2.3
SYS.2.3 Clients Running Linux and Unix
SYS.2.4
SYS.2.4 Clients Running macOS
SYS.2.5
SYS.2.5 Client Virtualization
SYS.2.6
SYS.2.6 Virtual Desktop Infrastructure
SYS.4.4
SYS.4.4 General IoT Device
PR.PS-03
Hardware is maintained to reduce vulnerabilities
PR.PS-04
Log records are generated to enable monitoring, forensics, and incident response
PR.PS-05
Installation and execution of unauthorized software are prevented
PR.PS-06
Secure software development practices are integrated, and their security is evaluated
APP.1.1
APP.1.1 Office Products
APP.1.4
APP.1.4 Mobile Applications (Apps)
APP.3.1
APP.3.1 Web Applications and Web Services
APP.3.2
APP.3.2 Web Servers
APP.4.3
APP.4.3 Relational Databases
APP.4.4
APP.4.4 Kubernetes
APP.4.6
APP.4.6 SAP ABAP Programming
APP.7
APP.7 Development of Custom Software
CON.8
CON.8 Software Development
RC.RP-01
The recovery portion of the incident response plan is executed
RC.RP-02
Recovery actions are selected, scoped, prioritized, and performed
RC.RP-03
The integrity of backups and other restoration assets is verified before using them in restoration
RS.AN-03
Analysis is performed to establish what has occurred during an incident
RS.AN-06
Actions performed during an investigation are recorded, and the records' integrity and provenance are preserved
RS.CO-02
Internal and external stakeholders are notified of incidents in a timely manner
RS.MA-01
The incident response plan is executed in coordination with relevant third parties once an incident is declared
RS.MA-04
Incidents are categorized and classified
These mappings are provided for reference and do not replace a professional compliance assessment.