The illustrations were created in cooperation between humans and artificial intelligence. They show a future in which technology is omnipresent, but people remain at the center.

IT-Grundschutz++ and OSCAL – Transition to a Compliance Pipeline

From the New BSI Framework to Practical Implementation in the Workplace

Online | 2 days | German
Price: € 1.390,- plus VAT. (€ 1.654,10 incl. VAT.)
Booking number: 42900
Venue: Online
5 dates
Become a certified Machine Learning Engineer
This course is part of the certified Master Class "Machine Learning Engineer". If you book the entire Master Class, you save over 15 percent compared to booking this individual module.
In-house training
In-house training just for your employees - exclusive and effective.
In cooperation with
ITech Progress
The traditional IT-Grundschutz methodology is reaching its limits in many organizations: Outdated modules and extensive documentation requirements tie up resources and hinder efficient implementation. With IT-Grundschutz++ and the state-of-the-art library, the Federal Office for Information Security (BSI) is breaking new ground: moving away from static rulebooks toward practice-oriented “practices” and machine-readable OSCAL formats. This reorientation opens up great potential for the automation of information security management systems—but at the same time presents companies with new challenges. In this practice-oriented training, you learn how to apply the new structures operationally, modernize security processes, and successfully manage the transition from manual audits to an automated compliance pipeline.
Contents
  1. Methodology and Architecture – The Evolution of the BSI Catalog
    • Analysis of the state-of-the-art library and its structure.
    • Strategic Paradigm Shifts in Business Practice.
    • A shift away from static rule sets toward dynamic security models.
    • Structure, hierarchy, and dependencies of the new catalogs.
    • “Practices” compared to traditional measures and components.
       
  2. The Paradigm Shift – From Legacy Audits to the OSCAL Framework
    • Analysis of traditional audit approaches and their limitations.
    • Classification of existing automation solutions.
    • Introduction to the OSCAL Data Model.
    • Structural guidelines, data quality, and requirements.
    • Market overview and current tool landscape.
       
  3. Toolchain in Practice – End-to-End Compliance
    • Working with the BSI-AG 3 demo implementation.
    • Completion of a full audit cycle.
    • IT asset inventory and mapping.
    • Performing an automated baseline security check.
    • Development and implementation of a POA&M (Plan of Action and Milestones).
       
  4. Data Formats, Integration, and Architecture
    • Analysis of OSCAL-JSON structures at the code level.
    • Integration into existing IT and GRC environments.
    • Use of APIs and interfaces.
    • Integration into CI/CD and automation processes.
       
  5. Strategic Implementation and Outlook
    • Building a scalable compliance pipeline.
    • Preparing for new testing realities.
    • Development of a roadmap for company-wide implementation.
    • Key factors for successful automation.
Your benefit
  • You understand the fundamental changes brought about by IT-Grundschutz++ and the State-of-the-Art Library.
  • You will learn how to apply OSCAL and machine-readable security requirements in practice.
  • You can evaluate traditional audit approaches and systematically integrate them into automated processes.
  • You will gain concrete insights into toolchains and their use in the context of auditing and compliance.
  • You will develop a solid foundation for building an automated compliance architecture.
Methods
  • Expert insights and structured analysis of the new BSI approaches
  • Hands-on demonstrations and exercises using the BSI toolchain
  • Hands-on exercises covering the entire audit process
  • Discussion of integration and architectural issues

The NTT Grundschutz++ tools are used:
https://github.com/NTT-Data-Deutschland-SE/Grundschutz-Plus-Plus-Tools

Final examination
Recommended for
  • Information Security Officers (ISOs) and CISOs
  • Security Consultants and Auditors
  • DevSecOps and IT architecture teams
  • Head of Governance, Risk & Compliance
Start dates and details

Date | Form of learning | Availability | Status
7.10.2026 | Online | Places free | Implementation secured
9.12.2026 | Online | Places free | Implementation secured
10.3.2027 | Online | Places free | Implementation secured
9.6.2027 | Online | Places free | Implementation secured
22.9.2027 | Online | Places free | Implementation secured

Do you have questions about training?

Call us on +49 761 595 33900 or write to us at service@haufe-akademie.de or use the contact form.
