News and Press Releases

    Page 6 of 8.
  • 5
  • 6
  • 7

Version 1.11 of the ISMS tool verinice has been released. verinice now implements the open source framework Elasticsearch, which enables full-text search. verinice- and verinice.PRO users are automatically alerted to the new version; manual download is available. 

With version 1.11 verinice and verinice.PRO received a search function, and all objects can be found quickly now. The framework Elasticsearch is employed for the full-text search, which is also used e.g. by Wikimedia. Search results can also be exported as a CSV file. 

The verinice.TEAM has made extensive improvements on the GSTOOL import. Speed and memory consumption were enhanced, thus optimizing the support for large GSTOOL databases. With some of the biggest GSTOOL databases in Germany already imported, verinice now even accepts those with sizes of 1 gigabyte and more "in one go". The GSTOOL was the official but now deprecated software tool published by the German BSI for its IT-Baseline standard.


For details on the new features and improvements please see the release notes to verinice 1.11 Please note the listing of changed configuration files under the heading "How to Update".

Our newly published verinice 1.10 unfortunately suffered from a small mistake: On Windows, the startup screen (splash screen) did not appear. While the application started and ran without problems - a longish period passed until the actual program window opened. That could result in multiple clicks and accordingly repeatedly opened verinice instances.

The verinice.TEAM quickly published a solution. Through an online update of the verinice client the error can be eliminated:

"Help" -> "Check for Updates"

We apologize for this inconvenience.

The latest version of verinice is now available. With V 1.10 users have access to the IT Baseline Protection Catalogs in English and can use the new edition of the VDA IS-Assessment in version 2.x. Exclusive new features for the server version verinice.PRO are single-sign-on with Active Directory and importing users from the AD into the IT Baseline view as well as the optimization of the task view.

Important note for the update: Due to the necessary data migration, thefirst launch of verinice clients after updating may take a bit longerthan usual. Don’t panic. For more information, see the section "Display of file size in the File View". Please also note the general indicationsregarding the update and the release notes.

The new features at a glance:

English IT Baseline Protection Catalogs

The full text of the IT Baseline Protection Catalogs published by the German Federal Office for Information Security (BSI) is now available in English. Especially international teams benefit from this, simplifyingthe work with the IT Baseline Protection significantly.

However, users of the native ISO 27001:2013 can profit from the comprehensive catalog of risks and controls as well: during risk assessment and risk treatment the Baseline Protection Catalogs can be used as a comprehensive database, especially on specific topics like Windows or SAP.

All risks can be used as scenarios in an individual risk assessment. Simply drag-and-drop the desired risks or whole modules into the risk model. The catalogs, containing more than 1,500 Baseline Protection controls, will proof to be useful during risk treatment. As specific controls, they supplement the generic requirements of ISO / IEC 27002:2013. The controls are easily dragged-and-dropped into the ISM-risk model.

The English IT Baseline Protection Catalogs correspond to the 13th catalog update version from the BSI.


Update on VDA ISA 2.x

verinice V 1.10 fully supports the new edition of the IS-Assessment catalog published by the German Association of the Automotive Industry (VDA) in version 2.x. Apart from the actual catalog, the method of calculating the averages and the "Total Security Figure" have been adjusted. The issued report provides the radar chart indicating the level of maturity reached and the target level of maturity for each chapter, taking into account all the questions marked "NA".

Users of verinice are absolutely compliant with the VDA standard. Moreover a consolidator allows to import assessment results originating from theVDA 1.x standard. Shifts of controls etc. are taken into account properly. 


Display of file size in the file view

The file view now reveals the file size of each attachment. This accelerates, for example, the inevitable clean up of a growing database.

Note: After updating to V 1.10 the file size information is updated in the database. The update will be triggered at the first connection of a verinice client to the database. Depending on the number of attachments this can take from a few seconds up to several minutes to complete. We therefore recommend to immediately perform a client-start after the server update, so the update is complete before the first regular user logs in. The migration is executed only once.


Exclusive features of verinice.PRO

Single-Sign-On with Active Directory

On Windows-clients verinice.PRO now supports Single-Sign-On: registered users are automatically logged in to verinice.PRO. Re-entering the username and password is not required.

The previous registration mechanism with renewed user and password input is still available as an alternative, e.g. if you want to work in verinice with another user as the one logged in into Windows.

Import of individuals from AD in the baseline protection view
When running an AD import it is now possible to select whether the imported persons and accounts are created in the ISM or in the Baseline Protection model.

Optimization of the task view
The task view has been improved: Tasks load faster and a detailed search allows you to find specific tasks. Tasks can be sorted by group, editor, process, task type, start and end date.


Improvements and bug fixes

Minor improvements and a variety of fixed bugs in various places roundoff V 1.10. Some worth mentioning are:

  • In the web front-end for tasks the full text of Baseline Protection Controls can now be viewed. This makes it easier to delegate the basic security check as well as control implementation.   
  • The local report repository on the verinice client now works as intended.   
  • The allocation of modules, users and target types when using the GSTOOL import have been corrected.   
  • Inheriting custom icons to child objects can now be switched on or off.   
  • When moving objects it can be selected if the permissions of the destination folder should be applied to the moved object.   
  • Double-clicking an attachment in the file view now selects the associated object in the tree view.   
  • The standard account view display was changed to: "Last name, firstname [account]"   
  • When displaying account groups, the right hand display does not show a total list of all accounts as before, but only those who are not included in the selected group. This facilitates the search for non-associated accounts.   
  • The customization file ("SNCA.xml") will no longer be moved during the update process but will continue to operate as is. Attention: Please continue to follow the update instructions for dealing with configuration files!

From installing and working with verinice to importing OpenVAS scans: 16 screencasts, produced by Nils Ulltveit-Moe, guide users through the OpenSource information security management system (ISMS). They're all available via YouTube.

The tutorials demonstrate, for example, how to add threats and vulnerabilities, how to create risk scenarios and risk assessment reports or how to add documents and design workflows. They also introduce the Spanish open standard MAGERIT. By this the course utilises the verinice feature to implement additional catalogues and content.

Ulltveit-Moe is Associate Professor at the University of Agder (Norway). His screencasts and the associated verinice course are part of PRECYSE (Prevention, protection and reaction to cyber-attacks to critical infrastructures) – an European research funded project "that defines, develops and validates a methodology, an architecture and a set of technologies and tools to improve the security, reliability and resilience of the ICT systems supporting the Critical Infrastructures".

The verinice.TEAM is delighted about the screencasts and some of the approaches. We encourages other verinice users to explore the tool, put it to use and contribute to the community content as well.

March 24th - 26th 2015 marks the date of (World Hosting Days) - verinice will be present as well. The SerNet GmbH, home of verinice, will be hosting a verinice booth. You're invited to visit us at D12 and dive into the the meet-up of the hosting and internet world at Europa-Park Rust with us. 

The SerNet team is excited to present and talk about verinice as well as the according topics IT-Security, ISMS, ISO 27001 and BSI Baseline Protection. On Thursday (March 26th) SerNet CEO Dr. Johannes Loxen will give a talk about "There is no security without Open Source" (venue "Circus Celebration"). And again we're eager to recruit v.LEUTE (what actually means.... liaison people)! So, have some nice World Hosting Days and come by to participate in this competition.

Planning on visiting the 2015? You can redeem this code in order to get a free daypass:


Please visit the WHD registry to get your ticket. 

As of now verinice 1.9 is available for download. The update at a glance:

  • VDA ISA Standard 2.0
    In verinice 1.9 the new IS-assessment Catalog of the Association of the Automotive Industry is implemented. The standard has been thoroughly revised and adjusted to the new requirements of the updated ISO 27001: 2013.
    Due to a special unify function existing levels of maturity can be transferred to the new chapter numbering. Existing assessment results can be reused, and users do not have to start completely from scratch. That should reduce the cost of the update and for the re-evaluation as much as possible.
    Any changes took place in close contact with the authors of the ISA catalog in the corresponding working group of the Association. Conformity to the questionnaire is 100% guaranteed.
  • Account Management (verinice.PRO)
    A completely new user and group management facilitates the creation and maintenance of the authorization concept. This comes in handy especially for a large number of verinice users and groups.
  • Report Repository (verinice.PRO)
    verinice 1.9 comes with a newly introduced central report repository. This makes reports generated with the vDesigner available for all users of verinice.PRO servers. The central report repository is synched by the client and cached locally so that all the reports are still available in offline mode. In addition, only local reports can be stored in the client - eg for testing or confidential evaluations. Here, local and server reports are designated and distinguished clearly in the list.
    For each report, the required and reasonable output formats can now also be programmed centrally (DOC, XLS, PDF...).
    The standard reports included with verinice can be managed in the same way. Thus, e.g. a standard report will be replaced by a custom template, for example if in all reports a company logo is to be used, etc.
  • Easy changes in the permission dialog (verinice.PRO)
    The authorization dialog for assigning access rights to objects has also been revised. It is now easier and more comfortable to set, read and write permissions for individual objects or groups of objects.

verinice 1.8 has been released. The new version is ready to be downloaded here.

verinice 1.8 delivers a couple of new features to make the management of your ISMS even more friendly and efficient:

  • Generic workflow
    When the deadline for a task has passed, the task stays with the person responsible. The initiator of the task receives a notification email. The asignee can request to postpone the deadline and the initiator can accept or deny this request.
  • Deleting objects during import
    When repeatedly importing objects from the same data source, it is now possible to delete objects from a previous import that have also been removed in the source.
  • Read permissions in task view
    The task view now regards read permissions of objects. A task is only displayed to the user when the user is also allowed to see the object for which the task has been created.
  • Read permissions in file view
    Read permissions are now considered in the file view. Files are only displayed when the user also has permissions to read the object to which the file has been attached.
  • Object path in the relation view
    The relation view now shows breadcrumbs for each displayed link target as a tooltip.
  • Cc- and Bcc-Recipient for emails
    It is now possible to configure a Cc or Bcc address that is used in every email sent out by the email notification feature.
  • Default directory for report templates
    The report dialog remembers the used template folder if the user selects this option.

Please regard the general notes for updating.

The new features in verinice 1.8 come from user requests. By close and frequent communication with the support and development team, users were able to communicate their experiences and to initiate improvements. We continue to promote this vibrant exchange. Please write us at - we will consider your concerns. 

verinice will be present at the IT-security expo it-sa from October 7th to 9th 2014 in Nuremberg. Meet up with the team in hall 12.0 / 12.0-339 and get all the news about verinice as well as the future roadmap. 

You're planning to attend? We'll hand out codes for etickets - just send uns an email to It can be redeemed at from August 26th onwards.  


From now on verinice is available in version 1.7.0. Main changes are: 

ISO 27001:2013 / IT Baseline-Catalog, 13th Addition

The standards ISO / IEC 27001:2013 and the IT-Baseline Catalog with its 13th supplemental set are availabe in the most recent versions.

Direct import for file structures

verinice can now import entire subtrees from the file system into the database in a single action. Folder structures are also listed, files create appropriate objects and are imported simultaneously as attachments. Existing policies or audit evidence can be quickly and simply transfered into the database. The import can also create connections between objects, e.g. map the relationship between policies and the controls described therein.

Consolidate with links

A new consolidation function for IS Assessments makes it possible to transfere existing audit results to surveillance audits. Existing linkages such as to central directives and other objects are taken into acount. This feature facilitates the continuous checking of information security through the acquisition of past findings and the evidence as a starting point for a new audit .

Web service for Importing File Attachments

Other applications are now able to import attachments automatically using the web service. For example, reports from OpenVAS / Greenbone-GSM can be created automatically in the verinice database and the original reports are stated as well as reference.

Task overview

A new report for verinice.PRO users shows tasks in the system that are assigned using workflows. Thus, the processing status of each task, the person responsible and the time frames are visible and make it a lot easier to track tasks at hand.

English Manuals

Manuals are available in English now. These include: 

  • verinice.PRO installation under CentOS and RHEL
  • Installation of the verinice.PRO Appliance
  • Quick reference for the verinice. Report Designer (vDesigner)

"Heartbleed" - a severe vulnerability in the OpenSSL encryption software - currently worries the IT scene. At SerNet and in the verinice team we looked into the matter intensively and found corresponding solutions. We will keep you updated about all possible developments. 

Information for verinice customers:

  • The verinice client is not affected.
  • Users of the appliances should draw or update the OpenSSL package , the update is already available.
  • Heartbleed has also affected the verinice repository. We have already taken all the necessary measures , the server is no longer vulnerable.

UPDATE for SerNet customers with firewall systems:

All measures to be taken have been completed. Affected customers were informed and the vulnerability is closed. If necessary, the SSL certificates were exchanged.

If you have specific questions about your systems and Heartbleed, please call us at +49 551 37 0000 0 or send an e-mail to or contact the verinice support directly.

    Page 6 of 8.
  • 5
  • 6
  • 7

Search News

Press contact:

Claudia Krell


English languageDeutsche SpracheLingua italianaČeský jazyk
© SerNet GmbH, 2021