ERFA KRITIS  - Audits was a Guest at CST Academy 

29. September 2023

In recent years, the number of critical facilities requiring special protection and registered with the German Federal Office for Information Security (BSI) has risen steadily. With KRITIS Audits in accordance with § 8a BSIG (IT Security Act), operators of critical infrastructures demonstrate the IT security and protective measures of their KRITIS facilities every two years. For this purpose, KRITIS auditors perform appropriate audit procedures to assess the level of cyber security. 

The "Erfahrungsaustausch (ERFA) KRITIS - Audits" is a working group within the Alliance for Cyber Security, which has made it its mission since 2020 to encourage open communication on the practical implementation of requirements and cross-industry best practices between operators of critical infrastructures, audit organizations and the BSI. 

Representatives of all parties meet every six months for the purpose of exchange and discussion. So far, the working meetings have only taken place virtually due to the pandemic. Now, for the 6th working meeting in September 2023, the members met in person for the first time at the CST Academy of usd AG. 

Jan Kemper, Head of Security Audits at usd AG is part of the working group: "The exchange with operators and authorities about the KRITIS requirements and their implementation is extremely valuable for us as auditors of critical infrastructures. Learning more about the perspectives of the other parties involved helps us to further optimize our auditing processes and to better take into account the needs of all. Contributing to the exchange of experience by making our CST Academy available for face-to-face meetings was obvious to us as usd - it is precisely this kind of exchange for which we started it." 


About ERFA KRITIS – Audits 

The "Erfahrungsaustausch KRITIS - Audits (ERFA KRITIS – Audits)" goes back to an initiative of the UP KRITIS working group Audits and Standards (UPK TAK AS) and the KRITIS experience exchange of training providers and auditors from 2020 and is intended to promote a platform for an open exchange of communication on the implementation of § 8a BSIG between the parties involved in the process within the framework of the provision of evidence. 

About CST Academy 

The CST Academy offers a platform for knowledge transfer, discussion and exchange on the topic of cyber security, because it wants to contribute to the development of a community of experts. Together for more security. 

Also interesting:

DORA Countdown: One Month Left Until the Deadline

DORA Countdown: One Month Left Until the Deadline

DORA, the Digital Operational Resilience Act, will fully apply as of 17 January 2025. We have summarized everything you need to know about the EU regulation, preparation and best practices from our news blog.

Sunset of PCI DSS v4.0 on 31 December 2024: Get Ready!

Sunset of PCI DSS v4.0 on 31 December 2024: Get Ready!

PCI DSS v4.0: In March 2024, version 4.0 of the Payment Card Industry Data Security Standard became mandatory after a two-year transition phase. Just a few months later, version 4.0.1 was released as a minor update of the standard, which will become mandatory on...

Top 3 Vulnerabilities in SSO Pentests

Top 3 Vulnerabilities in SSO Pentests

During their penetration tests (pentests), our security analysts at usd HeroLab repeatedly uncover vulnerabilities that pose significant risks to corporate security. They increasingly encounter the same vulnerabilities. Our blog series "Top 3 Vulnerabilities" presents...

Categories

Categories