Yesterday, the BSI released the metadata update for the 12th supplemental set of the IT-Baseline Catalogs (German only). As of now, this update is available for verinice users.
For users of the free version of verinice the catalog can be found on our download server: it-grundschutz_el12_html_de.zip.
After downloading, the file has to be selected in the settings of verinice:
Menu -> Einstellungen -> BSI IT-Grundschutz -> ZIP-Datei mit GS-Katalogen
Please note: Unlike before, the version that is available on the BSI website for download cannot be used in verinice directly. Please use the above mentioned file only.
For users of verinice.PRO a new RPM package is ready in the repository. It can be installed using the normal update command. After updating the RPM package verinice.PRO the configuration of the server has to be changed in order for the new file to be processed. In the file:
change the property
Please note the list of changes of the 12th supplemental set compared to the previous version. In particular, changes in individual actions, that have to be considered as part of your basic security check. Changes such as discontinued measures are represented by verinice after the import. Changes in the content of individual measures must be reviewed by the security officer and possibly be re-evaluated.
When transferring the existing results to revised modules the verinice consolidation feature can be of help.
The complete description of all changes can be found in the PDF document provided by the BSI, see chapter "New": IT-Grundschutz-Kataloge-12-EL.pdf
Here is a short list of the main new features:
- Module 3.403 answering machineremoved
- Module 5.10 Internet Information Server removed
- Module 5.11 Apache Webserver removed
- Module 3.401 PBX revised
- Module 5.3 Groupware revised (former title : "E -mail" )
- Module 5.4 Webserver revised
- Module 4.8 Bluetooth added
- Module 3.305 Terminal Server added
- Module 3.304 virtualization added
- Module 5.18 DNS server added
- Module 5.19 Internet use added
Note for verinice.PRO installations: In order to include the new Grundschutzkatalog immediately, the cache of the application server needs to be emptied. Proceed as followed.
1. Stop the Tomcat-Server.
2. Delete all files in the folder /var/cache/tomcat/temp/ .
3. Deploy the changes in the file "veriniceserver-plain.properties". It is located in the directory /usr/share/tomcat6/webapps/veriniceserver/WEB-INF/ and contains the properties and preferences of the Baseline Catalogs to be used.
4. Restart the Tomcat-Server.