The new version of the ISMS tool verinice 1.22.1 is available.
(UPDATE: See below at the end of the text for the short-term changes from 1.22 to 1.22.1).
Users can either obtain it from the verinice.SHOP or download it from the repository for Pro customers. In the release notes for verinice 1.22 we list all new features.
The BSI IT-Grundschutz-Kompendium Edition 2021 is now also available in the verinice.SHOP or in the Pro repository. It is recommended to use it in combination with verinice 1.22 – an update is possible from the former Edition 2020 is possible.
Particularly noteworthy in the new version are:
- VDA ISA / TISAX version 4 and 5 (catalogs and report templates): For the modeling of the self-assessment according to VDA ISA / TISAX, both the current version 5 (default) and the previous version 4 are delivered with verinice 1.22, including the respective report templates.
- Reporting form according to BSIG 8b for security incidents: The Incident target object has been updated for both the ISM perspective and the modernized IT-Grundschutz perspective and now maps security incidents.
- Correction of the link view under macOS BigSur: This issue was identified and resolved together with the verinice community.
- Acceleration of VNA export for scopes with more than 20,000 elements.
Data protection module 3 for verinice (German only) is also available in a revised perspective. It now includes the BSIG 8b notification form for data protection incidents for the respective perspective (IT-Grundschutz and ISO/ISM). This also applies to the Risk Catalog Plus incl. data protection module, which is aimed in particular at energy network operators who have to implement the mandatory IT security catalog and the requirements contained therein in accordance with Section 11 (1a) EnWG (based on DIN ISO/IEC 27001:2017, DIN ISO/IEC 27002:2017, ISO/IEC 27005:2018 and DIN EN ISO/IEC 27019:2020). In addition, the data protection module for the Basic Protection Perspective has been updated to the new Basic Protection Compendium Edition 2021.
verinice 1.23 is scheduled for week 40 (October 4-8, 2021). The planning for this can be viewed in the verinice.FORUM. Native support for Apple M1, an update to Java 11 and an update of the RCP framework are already set. A decision on the CentOS successor should also be made by the time of the release in the fall.
Update: 1.22 to 1.22.1
With verinice 1.22.1, the verinice.TEAM fixes an error when updating a modelled information network to Edition 2021 of the IT-Grundschutz Compendium. Mistakenly, changes from the previous edition 2020 were not deleted during the remodelling but kept as "new" changes from the edition 2021. The problem is described in detail in this post in the forum: https://forum.verinice.com/t/kompendiums-update-von-8-0-und-8-1-auf-9/1337. The problem can be easily corrected in verinice 1.22.1 by remodelling with the new version 9.1 of the IT-Grundschutz-Kompendium of Edition 2021 published in parallel. For each update (remodelling) from one edition of the IT-Grundschutz-Kompendium to a newer one, at least verinice 1.22.1 must be used!
IT-Grundschutz-Kompendium 9.1 Edition 2021
With the **IT-Grundschutz-Kompendium 9.1 Edition 2021**, the verinice.TEAM provides a new version of the IT-Grundschutz-Kompendium to correct the error fixed with verinice 1.22.1 when updating the IT-Grundschutz-Kompendium. The new version replaces the previous one with the same content, but the newer release tag [2021-1] enables the correction through simple re-modelling. Users who have modelled an information network without updating from a previous edition with the previous version *IT-Grundschutz-Kompendium 9 Edition 2021* can continue to use it. An update from version 9 to version 9.1 is not required. Note: For each update (remodelling) from one edition of the IT-Grundschutz-Kompendium to a newer one, at least verinice 1.22.1 must be used!