Is Grundschutz++ coming in 2025?

 

What is Grundschutz++ and why is it important?

The IT security landscape is evolving at a rapid pace. Cyberattacks are becoming increasingly sophisticated, companies are accelerating their digital transformation, and regulatory requirements, such as the NIS2 directive and the planned Grundschutz++, are steadily increasing. It is precisely in this dynamic environment that Grundschutz++ comes into play, aiming to meet the growing demands of IT security.

As an advancement of the established IT-Grundschutz by the German Federal Office for Information Security (BSI), Grundschutz++ is designed to help organizations implement their IT security measures more efficiently and practically. But when will Grundschutz++ actually be introduced? And what makes it so special?

 

What is IT-Grundschutz++?

Grundschutz++ is an advancement of the previous IT-Grundschutzes developed by the German Federal Office for Information Security (BSI). It was designed to simplify, modernize, and make the implementation of IT security measures more efficient for organizations of all sizes. The goal remains the same: to achieve a high level of security in information technology while reducing complexity for users.

Why is Grundschutz++ needed?

Digitalization and emerging threats such as ransomware or supply chain attacks are posing increasing challenges for organizations. While the existing IT Grundschutz protection IT-Grundschutz provides a solid foundation, it is often perceived as too complex and inflexible. This is particularly true for small and medium-sized enterprises (SMEs), which struggle with the heavy documentation workload when implementing IT-Grundschutz without the help of an ISMS-Tool . The fuentis AG is an official partners of the BSI.

What makes Grundschutz++ special?

A key aspect of Grundschutz++ is the departure from the traditional documentation method. Instead of relying on extensive Word documents and lists, Grundschutz++ uses Excel spreadsheets to present security measures in a more structured and clear manner. However, this remains a conventional approach, which is significantly more time-consuming and costly compared to utilizing an ISMS tool. This change is intended to make IT security more accessible, especially for small and medium-sized enterprises (SMEs).

Key Features of Grundschutz++ at a Glance:

• Modernized Content: Incorporates current challenges such as cloud security, IoT, and new threat scenarios in Industry 4.0.
• Focus on Practicality: Grundschutz++ aims to be not only secure but also practical, addressing a common criticism of the previous IT Grundschutz protection of the BSI.
• Flexibility: The new structure allows for better adaptation to individual requirements and a more targeted approach to industry-specific risks.

An Important Step Toward the Future

Grundschutz++ directly addresses the needs of modern organizations operating in a dynamic IT landscape. With its new approaches and methods, it could make IT security more accessible for organizations without compromising on quality. However, whether these expectations will be met remains to be seen after its official introduction.

 

Will Grundschutz++ really Launch in 2025?

The introduction of Grundschutz++ has been highly anticipated. At the IT security trade fair it-sa 2024, the German Federal Office for Information Security (BSI) officially clarified that Grundschutz++ will not be introduced in 2025 but will instead launch on January 1, 2026. This clear timeline provides companies and public authorities with enough time to prepare for the upcoming changes.

What Does This Mean for Companies?

Although Grundschutz++ will not be introduced until 2026, companies should take this opportunity to familiarize themselves with the concepts of the current IT-Grundschutz. The existing modules continue to provide a solid foundation for maintaining IT security. At the same time, organizations should closely monitor developments from the BSI to ensure they are ready to transition to Grundschutz++ when the time comes.

 

What Can Companies Do Today?

Even though Grundschutz++ will not take effect until January 1, 2026, companies can already take proactive steps to prepare and optimize their IT security measures. The current IT Grundschutz protection provided by the BSI remains a trusted framework that can be effectively used to systematically strengthen information security.

Effectively Utilizing the Current IT-Grundschutz

A crucial first step is the consistent use of the existing IT-Grundschutz modules. These modules cover a wide range of security aspects and can be flexibly adapted to meet the specific requirements of a company. At the same time, organizations can establish or enhance an Information Security Management System (ISMSISMS) based on the ISO 27001 standard or the recommendations of the BSI. Such an ISMS not only provides a solid foundation for the current IT security strategy but also facilitates a smoother transition to Grundschutz++. Regular audits further help identify vulnerabilities early and address them proactively before they become significant risks.

Training Employees and Optimizing Processes

In addition, companies should invest in training their employees. Training programs focused on the current IT Grundschutz protection prepare teams to implement existing measures effectively while also familiarizing them with the concepts of the upcoming Grundschutz++. These efforts not only enhance employees’ IT security expertise but also foster a culture of awareness regarding potential security risks. Simultaneously, organizations should evaluate their internal processes for efficiency and flexibility to ensure a seamless transition to the new methods introduced by Grundschutz++.

 

A Step Toward the Future of IT Security

Grundschutz++, launching on January 1, 2026, offers a practical approach to addressing the growing demands of IT security. Companies can prepare now by utilizing the current IT Grundschutz protection and establishing an ISMS. While an ISMS can be implemented using Word or Excel files, this approach is often time-consuming and costly. Leveraging a specialized ISMS-Tool , however, allows for a much more efficient and resource-friendly implementation, making the transition to Grundschutz++ smoother and supporting a forward-looking IT security strategy.