IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection of Generic Components
_________________________________________________________________________________________
Completeness check
In the final step a check should be performed as to whether the entire system has been modelled
without any gaps. It is recommended that the network plan or a similar overview of the IT assets is
used here and that the individual components are checked systematically. Every component should
either be assigned to a group or else be modelled separately. If the complete network has been divided
into subnetworks in connection with Tier 4, a check should be performed as to whether
- every subnetwork has been completely represented and
- the sum of all the subnetworks completely describes the whole system.
It is important that not only all hardware and software components are represented from a technical
perspective, but that the related organisational, personnel and infrastructural aspects are fully covered
also. This can be checked using the tables provided in Section 2.3.2, in which for a few typical
components those modules of the IT Baseline Protection Manual which should be included in the
modelling in every case are specified.
If, when performing these checks, any gaps are revealed in the modelling, the relevant missing
components must be added. Otherwise there is a risk that important elements of the complete system
or important security aspects will be overlooked when using the IT Baseline Protection Manual.
If it is not possible to perform all the modelling because some modules which are needed are missing
from the IT Baseline Protection Manual, we would ask you to notify your requirements to the BSI’s IT
Baseline Protection Hotline.
Bundesamt für Organisation und Verwaltung (Federal Agency for Organisation and
Administration, BOV) - Part 8
The table below is an excerpt from the modelling performed for the fictitious BOV Department.
No. Name of module Target object / Sample Contact Notes
target group
person
3.1 Organisation Bonn site The Organisation module must be
worked through separately for the
Bonn and Berlin sites, as Berlin has its
own organisational procedures.
3.1 Organisation Berlin site
3.2 Personnel Entire BOV The BOV’s Human Resources
Department is located centrally in
Bonn.
4.3.3 Storage Media
Archives
_________________________________________________________________________________________
IT-Baseline Protection Manual: Otober 2000
R U.02 (Bonn) The backup data media are kept in this
room.
5.3 Laptop PC C5 1 in
R 1.06
(Bonn)
5.3 Laptop PC C6 1 in
R 2.01
(Berlin)
A sample will be selected from all the
laptops, both in Bonn and Berlin.
7.5 WWW Server S5 S5 functions as the server for the
Intranet.
9.2 Databases S5 A database is used on server S5.