News and information about verinice.

Learn everything that is important

PCI DSS available as module for verinice

The verinice.TEAM has published the additional module verinice PCI DSS. This requirements catalog maps the Payment Card Industry Data Security Standard (PCI DSS) in verinice. The module can be used with verinice starting with version 1.22 in the ISM perspective. It is available to purchase in the verinice.SHOP

About the module verinice PCI DSS

The module verinice PCI DSS enables tool-supported verification of compliance with PCI DSS requirements. Requirements from other standards or laws (e.g. GDPR, HIPAA, ISO 27001 etc.) can also be conveniently mapped to avoid redundancies. verinice thus enables an integrated management system. 

Together, verinice and the PCI DSS module make it much easier to check and process compliance with the requirements. The module contains the complete PCI DSS requirements, which are imported into verinice. Users can thus skip the time-consuming and tedious part of the work, and use time more productively for working with the standard. In addition, responsibilities can be stored in verinice and individual requirements can be delegated so that colleagues can work together on the assessment. The associated reports provide meaningful overviews of the status quo of the organization.

About PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) was developed to improve the security of cardholder data and facilitate the adoption of consistent data security measures around the world. The PCI-DSS provides basic technical and operational requirements for protecting cardholder data. The PCI-DSS applies to all entities involved in the processing of payment cards – including merchants, processors, billing entities, card issuers and service providers, and other entities that store, process, or share CHD (Cardholder Data) and/or SAD (Sensitive Authentication Data).

verinice and B3S Krankenhaus: Funding from the Hospital Future Fund

Icon B3S

verinice. as well as verinice.PRO and the add-on module Zusatzmodul B3S Krankenhaus are qualified for funding from the Hospital Future Fund (KHZF). SerNet thus offers clinics and hospitals that have to improve their IT security and introduce information security management by the deadline of 01.01.2022 a comprehensive solution that meets their needs and is also eligible for funding. The corresponding proof of suitability for eligible service providers is held by SerNet.

The ISMS tool verinice or verinice.PRO is already in use as a reliable solution in the healthcare sector (e.g. Universitätsklinikum Halle, Charité Universitätsmedizin Berlin). The verinice.TEAM has also integrated the "Industry-Specific Security Standard for Healthcare in Hospitals" (B3S Krankenhaus), which is published by the German Hospital Association. The combination of verinice and the industry standard supports hospitals in meeting the requirements of the Patientendaten-Schutz-Gesetz (PDSG). According to this, by 01.01.2022, clinics and hospitals that are not classified as KRITIS (>30,000 full inpatient cases) are also "obliged to take appropriate organisational and technical precautions in accordance with the state of the art to prevent disruptions to the availability, integrity and confidentiality of their IT systems in order to ensure the functionality of the respective hospital and the security of the processed patient information." 

In accordance with the Krankenhauszukunftsgesetz für die Digitalisierung von Krankenhäusern 

funding can be applied for for the procurement and operation of verinice or verinice.PRO as well as the verinice module B3S Hospital since 1.1.2021. The responsible colleagues from the SerNet sales team have also obtained the necessary certificate in accordance with the Hospital Structure Fund Ordinance (KHSFV). SerNet is thus an authorised service provider. 

Some verinice.PARTNERS can also already show the "KHZG certificate" and offer comprehensive advice on the topics of: Improving IT security, ISMS for hospitals in general or specifically with the B3S and the funding from the KHZF. You can identify the relevant partners via our Partner-Locator.

verinice 1.22 published

The new version of the ISMS tool verinice 1.22.1 is available.

(UPDATE: See below at the end of the text for the short-term changes from 1.22 to 1.22.1).

Users can either obtain it from the verinice.SHOP or download it from the repository for Pro customers. In the release notes for verinice 1.22 we list all new features. 

The BSI IT-Grundschutz-Kompendium Edition 2021 is now also available in the verinice.SHOP or in the Pro repository. It is recommended to use it in combination with verinice 1.22 – an update is possible from the former Edition 2020 is possible.

Particularly noteworthy in the new version are: 

  • VDA ISA / TISAX version 4 and 5 (catalogs and report templates): For the modeling of the self-assessment according to VDA ISA / TISAX, both the current version 5 (default) and the previous version 4 are delivered with verinice 1.22, including the respective report templates.
  • Reporting form according to BSIG 8b for security incidents: The Incident target object has been updated for both the ISM perspective and the modernized IT-Grundschutz perspective and now maps security incidents.
  • Correction of the link view under macOS BigSur: This issue was identified and resolved together with the verinice community. 
  • Acceleration of VNA export for scopes with more than 20,000 elements.

Data protection module 3 for verinice (German only) is also available in a revised perspective. It now includes the BSIG 8b notification form for data protection incidents for the respective perspective (IT-Grundschutz and ISO/ISM). This also applies to the Risk Catalog Plus incl. data protection module, which is aimed in particular at energy network operators who have to implement the mandatory IT security catalog and the requirements contained therein in accordance with Section 11 (1a) EnWG (based on DIN ISO/IEC 27001:2017, DIN ISO/IEC 27002:2017, ISO/IEC 27005:2018 and DIN EN ISO/IEC 27019:2020). In addition, the data protection module for the Basic Protection Perspective has been updated to the new Basic Protection Compendium Edition 2021. 

verinice 1.23 is scheduled for week 40 (October 4-8, 2021). The planning for this can be viewed in the verinice.FORUM. Native support for Apple M1, an update to Java 11 and an update of the RCP framework are already set. A decision on the CentOS successor should also be made by the time of the release in the fall.

Update: 1.22 to 1.22.1

With verinice 1.22.1, the verinice.TEAM fixes an error when updating a modelled information network to Edition 2021 of the IT-Grundschutz Compendium. Mistakenly, changes from the previous edition 2020 were not deleted during the remodelling but kept as "new" changes from the edition 2021. The problem is described in detail in this post in the forum: https://forum.verinice.com/t/kompendiums-update-von-8-0-und-8-1-auf-9/1337. The problem can be easily corrected in verinice 1.22.1 by remodelling with the new version 9.1 of the IT-Grundschutz-Kompendium of Edition 2021 published in parallel. For each update (remodelling) from one edition of the IT-Grundschutz-Kompendium to a newer one, at least verinice 1.22.1 must be used!

IT-Grundschutz-Kompendium 9.1 Edition 2021

With the **IT-Grundschutz-Kompendium 9.1 Edition 2021**, the verinice.TEAM provides a new version of the IT-Grundschutz-Kompendium to correct the error fixed with verinice 1.22.1 when updating the IT-Grundschutz-Kompendium. The new version replaces the previous one with the same content, but the newer release tag [2021-1] enables the correction through simple re-modelling. Users who have modelled an information network without updating from a previous edition with the previous version *IT-Grundschutz-Kompendium 9 Edition 2021* can continue to use it. An update from version 9 to version 9.1 is not required. Note: For each update (remodelling) from one edition of the IT-Grundschutz-Kompendium to a newer one, at least verinice 1.22.1 must be used!

Program for the verinice.XP 2021 published

Ausschnitt Agenda der verinice.XP 2021 Tag 1

The final program for verinice.XP 2021 is online. For the first time, the conference will take place completely in digital form on February 24 and 25. The speakers will give their presentations live via Zoom – participants can follow the conference flexibly from any location. The agenda is published on the conference website, tickets are available for 99 euros.

The main language of the conference is German; have a look at this article about the program. If you would be interested in a verinice.XP in English or an Workshop please contact us at verinice@remove-this.sernet.de.

About verinice.XP

verinice.XP is the conference for users of the OpenSource ISMS tool verinice.

For years, verinice.XP has brought together IT decision-makers, security managers and data protection officers from companies, institutions and public authorities. They all share the use of verinice for information security management or data protection management.

verinice. Job Offers

With verinice. SerNet GmbH provides the only open source tool for the management of information security (ISMS). In order to grow dynamically and to further advance the development of the software, the team is looking for additional members with immediate effect.

Three positions are currently open:

The verinice.TEAM works distributed at the locations Berlin (Mitte) and Göttingen (headquarters of SerNet). Interested parties can apply for both locations. Details on tasks, requirements and benefits are included in the respective job description.

About verinice.

verinice is the only tool for information security management under open source license. It is in use in 4 German states and in more than 40 federal authorities, as well as in a large number of municipalities, public utilities and other public sector institutions, especially in critical infrastructures. For the industrial sector, verinice supports not only the IT Baseline Protection of the BSI but also the ISO 27001 and is used here by companies throughout Europe and also by the Council of the European Commission or European national banks.

Working at SerNet

You can find more information from SerNet about the working environment online, as well as further information about training, studying and women in STEM professions. Furthermore, you can read here how we deal with COVID-19 and working from home.

For questions about the positions or to apply (PDF format), please contact SerNet Managing Director Reinhild Jung at jobs@remove-this.sernet.de.

Search News

Press contact:

Claudia Krell
presse@remove-this.sernet.de

Archive:

Deutsch English Lingua italiana Český jazyk
Contact us
Contact

We are here for you!

Our sales team will be happy to help you with any questions you may have about SerNet's verinice products and services - personally and tailored to your individual interests.

You can reach us directly by phone at +49 551 370000-0.
Send us an email at vertrieb@remove-this.sernet.de.

verinice sales team
Sales team: Christian Börker, Alina Schnur, Nadine Dreymann, Andrea Schell, Willem Rothe
captcha
* mandatory fields

licensed by

Bundesamt für Sicherheit in der Informationstechnik
IT-Grundschutz

SerNet

SerNet GmbH

Bahnhofsallee 1b
37081 Göttingen
www.sernet.de

© SerNet GmbH, 2024