ERFA KRITIS - Audits was a Guest at CST Academy

29. September 2023

In recent years, the number of critical facilities requiring special protection and registered with the German Federal Office for Information Security (BSI) has risen steadily. With KRITIS Audits in accordance with § 8a BSIG (IT Security Act), operators of critical infrastructures demonstrate the IT security and protective measures of their KRITIS facilities every two years. For this purpose, KRITIS auditors perform appropriate audit procedures to assess the level of cyber security. 

The "Erfahrungsaustausch (ERFA) KRITIS - Audits" is a working group within the Alliance for Cyber Security, which has made it its mission since 2020 to encourage open communication on the practical implementation of requirements and cross-industry best practices between operators of critical infrastructures, audit organizations and the BSI. 

Representatives of all parties meet every six months for the purpose of exchange and discussion. So far, the working meetings have only taken place virtually due to the pandemic. Now, for the 6th working meeting in September 2023, the members met in person for the first time at the CST Academy of usd AG. 

Jan Kemper, Head of Security Audits at usd AG, is part of the working group: "The exchange with operators and authorities about the KRITIS requirements and their implementation is extremely valuable for us as auditors of critical infrastructures. Learning more about the perspectives of the other parties involved helps us to further optimize our auditing processes and to better take into account the needs of all. Contributing to the exchange of experience by making our CST Academy available for face-to-face meetings was obvious to us as usd - it is precisely this kind of exchange for which we started it."


About ERFA KRITIS – Audits 

The "Erfahrungsaustausch KRITIS - Audits (ERFA KRITIS – Audits)" goes back to an initiative of the UP KRITIS working group Audits and Standards (UPK TAK AS) and the KRITIS experience exchange of training providers and auditors from 2020. It is intended to promote a platform for open communication on the implementation of § 8a BSIG between the parties involved in the process of providing evidence.

About CST Academy 

The CST Academy offers a platform for knowledge transfer, discussion and exchange on the topic of cyber security, because it wants to contribute to the development of a community of experts. Together for more security. 
