KRITIS: These Sectors Are Required to Provide Proof of Compliance in 2025

30. August 2024

According to Section 8a (1) BSIG, operators of critical infrastructures (KRITIS) in Germany are obliged to take appropriate organizational and technical precautions to prevent disruptions to the availability, integrity, authenticity and confidentiality of their information technology systems. These security measures must reflect the state of the art.

The KRITIS audit is due in 2025 for the following sectors:

  • Finance and Insurance
  • Transport and Traffic
  • Health

The KRITIS Regulation defines a total of ten sectors that provide critical services to the general public. KRITIS operators are obliged to provide the Federal Office for Information Security (BSI) with evidence every two years that they have implemented cyber security measures in accordance with the state of the art. These audits must be initiated by the operators themselves.

If you need help or advice with your KRITIS audit, please contact us. We are happy to help.
