AWS Security Blog

New Security and Compliance Workbook: IT-Grundschutz

AWS Compliance has made available a new security and compliance workbook for AWS customers who are subject to the German Federal Office for Information Security (BSI) IT Baseline protection methodology (IT-Grundschutz).

IT-Grundschutz Compliance on Amazon Web Services is a new customer workbook that was developed and published by TÜV TRUST IT GmbH TÜV Austria Group, an independent body. This workbook provides a documentation framework meant to assist customers who seek to pursue certification for IT-Grundschutz using AWS. AWS Compliance engaged TÜV TRUST IT to develop this workbook as a customer-focused compliance tool. 

This workbook provides information about implementing the requirements of BSI-Standards 100-1 and 100-2, as well as the requirements set for IT-Grundschutz certifications of outsourced components. These requirements enable customers to prepare for their certification by leveraging the existing AWS ISO 27001 certification.

Customers subject to BSI IT-Grundschutz may use the workbook as a framework for their use of AWS. The workbook will help them to define and test the controls they operate, and document the dependence on the controls that AWS operates (compute, storage, database, networking, regions, Availability Zones, and edge locations). The workbook also should reduce the burden on customers of documenting the control environment for purposes of seeking a certification based on BSI’s standards.

Customers can download this workbook from the English AWS Compliance site, the German Compliance site, or this direct link (PDF). No NDA is required to access this workbook.

Please contact us with questions about IT-Grundschutz or meeting your compliance requirements in the cloud.

Author

Chad Woolf

Chad joined Amazon in 2010 and built the AWS compliance functions from the ground up, including audit and certifications, privacy, contract compliance, control automation engineering and security process monitoring. Chad’s work also includes enabling public sector and regulated industry adoption of the AWS cloud, compliance with complex privacy regulations such as GDPR and operating a trade and product compliance team in conjunction with global region expansion. Prior to joining AWS, Chad spent 12 years with Ernst & Young as a Senior Manager working directly with Fortune 100 companies consulting on IT process, security, risk, and vendor management advisory work, as well as designing and deploying global security and assurance software solutions. Chad holds a Masters of Information Systems Management and a Bachelors of Accounting from Brigham Young University, Utah. Follow Chad on Twitter.