AWS Security Blog

New Security and Compliance Workbook: IT-Grundschutz

AWS Compliance has made available a new security and compliance workbook for AWS customers who are subject to the German Federal Office for Information Security (BSI) IT Baseline protection methodology (IT-Grundschutz).

IT-Grundschutz Compliance on Amazon Web Services is a new customer workbook that was developed and published by TÜV TRUST IT GmbH TÜV Austria Group, an independent body. This workbook provides a documentation framework meant to assist customers who seek to pursue certification for IT-Grundschutz using AWS. AWS Compliance engaged TÜV TRUST IT to develop this workbook as a customer-focused compliance tool. 

This workbook provides information about implementing the requirements of BSI-Standards 100-1 and 100-2, as well as the requirements set for IT-Grundschutz certifications of outsourced components. These requirements enable customers to prepare for their certification by leveraging the existing AWS ISO 27001 certification.

Customers subject to BSI IT-Grundschutz may use the workbook as a framework for their use of AWS. The workbook will help them to define and test the controls they operate, and document the dependence on the controls that AWS operates (compute, storage, database, networking, regions, Availability Zones, and edge locations). The workbook also should reduce the burden on customers of documenting the control environment for purposes of seeking a certification based on BSI’s standards.

Customers can download this workbook from the English AWS Compliance site, the German Compliance site, or this direct link (PDF). No NDA is required to access this workbook.

Please contact us with questions about IT-Grundschutz or meeting your compliance requirements in the cloud.

– Chad Woolf, Director, AWS Risk and Compliance