News and information about verinice.

Learn everything that is important

The date for the fall release of verinice is getting closer: Version 1.23 will be released in calendar week 40 (Oct. 4-8, 2021).

Users can look at the planned features for upcoming versions in the verinice.FORUM under "Roadmap". They can also suggest new features there or discuss specifications for already suggested features with the team as well as other verinice users.

The release of verinice 1.23 is scheduled shortly before it-sa. The IT security trade fair will be held in Nuremberg from October 12 to 14. The verinice team will be in Hall 7a, Booth 326, where they will be available to talk about verinice. The team will also be happy to provide information about verinice.veo - the new verinice generation - at it-sa. Use our contact form or send us an email at itsa@sernet.de if you would like to exchange ideas. Please note that only discussions are scheduled at the booth. Detailed product presentations will only take place remotely due to hygiene regulations. Requests for appointments - both for on-site meetings and web meetings - can be submitted via the contact form. We will then get in touch with you.


verinice booth at it-sa 2021

2021 is it-sa-year again! From October 12 to 14, the trade fair on IT security will take place again in Nuremberg after a one-year break. In Hall 7a, Booth 326, the verinice.TEAM of SerNet GmbH will be present together with the verinice partners Cassini, SILA Consulting and c.a.p.e. IT.

Colleagues from SerNet as well as the partner companies will be available to talk about verinice. The partners will also provide information about their own range of services, such as the setup of a management system for information security, consulting on standards such as BSI IT-Grundschutz, ISO 27001 and others, as well as certification support. c.a.p.e. IT GmbH advises on the integration of verinice.PRO and KIX Professional.

You are welcome to make an appointment with our partners or us in advance. Please use our contact form or send us an email at itsa@sernet.de. Please note that only discussions are scheduled at the booth. Detailed product presentations will only take place remotely due to hygiene regulations. Requests for appointments - both for on-site meetings and web meetings - can be submitted via the contact form. We will then get in touch with you.

Secure a free day ticket!

We will gladly send you an individual registration link for a free it-sa ticket. With this you can explore it-sa for one day and of course visit us at our booth. Just send us an email at itsa@sernet.de and we will send you your link to the ticket.


Version 1.22.2 of verinice and verinice.PRO is now available for download in the verinice.SHOP or in the customer repository. verinice 1.22.2 (Release Notes) is a security update. The verinice.TEAM recommends that all users apply the available patch as soon as possible.

With verinice 1.22.2 the team fixes a vulnerability; details are described in the Security Advisory. The official CVE ID is CVE-2021-36981. We would like to especially thank Frank Nusko (Secianus GmbH), who found the vulnerability and informed us about it. Together we were able to prepare a Coordinated Disclosure.


Secianus will publish the details of the vulnerability shortly, so that verinice users have enough time to update. If you need help with this or have any open questions, please feel free to contact us at sales@remove-this.sernet.de.


As of now, the verinice.TEAM provides the Benutzerdefinierte Bausteine published by the BSI for use in verinice free of charge. They can be ordered and downloaded from the verinice.SHOP.

Users of IT-Grundschutz have the opportunity to contribute their expertise to IT-Grundschutz by creating so-called Benutzerdefinierte Bausteine (user-defined building blocks). To do this, an institution picks out a topic or partial aspect for which no IT-Grundschutz building block has yet been published and on which it would like to work. Those responsible for information security can put their experience and work results, such as security assessments of threats and requirements, into the form of a building block. This user-defined building block can then be published on the IT-Grundschutz website. Companies that want to address similar topics can benefit from the existing expertise and, at best, develop the content further.

The BSI does not review the content of user-defined building blocks, and the building blocks are not usually published in the IT-Grundschutz compendium. If there is a high demand for a topic, it is possible to revise a module further and include it in the IT-Grundschutz-Kompendium. The modules were created by IT-Grundschutz users and kindly made available to the BSI for publication. They may be used free of charge for IT security concepts based on IT-Grundschutz without the author's consent and without providing a source reference.


Example organization of the IT Baseline Protection Profile control centers in verinice

The IT Baseline Protection Profile for control centers is now available for use in verinice (as of version 1.22). The Baseline Protection Profile is published by the Fachverband Leitstellen e.V. – in German only – and can now be directly integrated into verinice. It is available free of charge via the verinice.SHOP.

The IT Baseline Protection Profile for Control Centers helps users to install an information security process in a control center and to adapt it to the corresponding requirements. The Baseline Protection Profiles are intended by the BSI as a template for information security: with their help, users who have similar security requirements should use the template to "check the level of security in a resource-saving way or start to set up an information security management system (ISMS) according to IT Baseline Protection." (see BSI-Infoseite zu IT-Grundschutz-Profilen, German only).

The target group for this profile is primarily the decision-makers responsible for information technology in the area of control centers. It is also intended to serve as a guideline for information security concepts in control centers for manufacturers of control center technology and specialist planners commissioned with the technical planning of control centers. But other interested parties can also apply the sample scenario to their individual framework conditions.

The "IT Baseline Protection Profile for Control Centers for verinice" contains two sample organizations, one based on the IT Baseline Protection Kompendium in Edition 2020 and one based on Edition 2021. The updated version was created by the verinice.TEAM and can be used optionally, depending on which edition users are working with. By importing the corresponding file into verinice, an information network with modeled target objects according to the IT Baseline Protection Profile is then available for further use and individual adaptation.

The original IT Baseline Protection Profile for control centers can be downloaded as PDF from the BSI (German only).


The verinice.TEAM has published the additional module verinice PCI DSS. This requirements catalog maps the Payment Card Industry Data Security Standard (PCI DSS) in verinice. The module can be used with verinice starting with version 1.22 in the ISM perspective. It is available for purchase in the verinice.SHOP.

About the module verinice PCI DSS

The module verinice PCI DSS enables tool-supported verification of compliance with PCI DSS requirements. Requirements from other standards or laws (e.g. GDPR, HIPAA, ISO 27001 etc.) can also be conveniently mapped to avoid redundancies. verinice thus enables an integrated management system. 

Together, verinice and the PCI DSS module make it much easier to check and process compliance with the requirements. The module contains the complete PCI DSS requirements, which are imported into verinice. Users can thus skip the time-consuming and tedious part of the work, and use time more productively for working with the standard. In addition, responsibilities can be stored in verinice and individual requirements can be delegated so that colleagues can work together on the assessment. The associated reports provide meaningful overviews of the status quo of the organization.

About PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) was developed to improve the security of cardholder data and facilitate the adoption of consistent data security measures around the world. PCI DSS provides basic technical and operational requirements for protecting cardholder data. PCI DSS applies to all entities involved in the processing of payment cards – including merchants, processors, billing entities, card issuers and service providers, and other entities that store, process, or share CHD (Cardholder Data) and/or SAD (Sensitive Authentication Data).



verinice and verinice.PRO, as well as the add-on module B3S Krankenhaus, are qualified for funding from the Hospital Future Fund (KHZF). SerNet thus offers clinics and hospitals that have to improve their IT security and introduce information security management by the deadline of 01.01.2022 a comprehensive solution that meets their needs and is also eligible for funding. The corresponding proof of suitability for eligible service providers is held by SerNet.

The ISMS tool verinice or verinice.PRO is already in use as a reliable solution in the healthcare sector (e.g. Universitätsklinikum Halle, Charité Universitätsmedizin Berlin). The verinice.TEAM has also integrated the "Industry-Specific Security Standard for Healthcare in Hospitals" (B3S Krankenhaus), which is published by the German Hospital Association. The combination of verinice and the industry standard supports hospitals in meeting the requirements of the Patientendaten-Schutz-Gesetz (PDSG). According to this, by 01.01.2022, clinics and hospitals that are not classified as KRITIS (>30,000 full inpatient cases) are also "obliged to take appropriate organisational and technical precautions in accordance with the state of the art to prevent disruptions to the availability, integrity and confidentiality of their IT systems in order to ensure the functionality of the respective hospital and the security of the processed patient information." 

In accordance with the Krankenhauszukunftsgesetz für die Digitalisierung von Krankenhäusern, it has been possible since 1.1.2021 to apply for funding for the procurement and operation of verinice or verinice.PRO as well as the verinice module B3S Hospital. The responsible colleagues from the SerNet sales team have also obtained the necessary certificate in accordance with the Hospital Structure Fund Ordinance (KHSFV). SerNet is thus an authorised service provider.

Some verinice.PARTNERS also already hold the "KHZG certificate" and offer comprehensive advice on the following topics: improving IT security, ISMS for hospitals in general or specifically with the B3S, and the funding from the KHZF. You can identify the relevant partners via our Partner-Locator.


The new version of the ISMS tool verinice 1.22.1 is available.

(UPDATE: See below at the end of the text for the short-term changes from 1.22 to 1.22.1).

Users can either obtain it from the verinice.SHOP or download it from the repository for Pro customers. In the release notes for verinice 1.22 we list all new features. 

The BSI IT-Grundschutz-Kompendium Edition 2021 is now also available in the verinice.SHOP or in the Pro repository. It is recommended to use it in combination with verinice 1.22 – an update from the former Edition 2020 is possible.

Particularly noteworthy in the new version are: 

  • VDA ISA / TISAX version 4 and 5 (catalogs and report templates): For the modeling of the self-assessment according to VDA ISA / TISAX, both the current version 5 (default) and the previous version 4 are delivered with verinice 1.22, including the respective report templates.
  • Reporting form according to BSIG 8b for security incidents: The Incident target object has been updated for both the ISM perspective and the modernized IT-Grundschutz perspective and now maps security incidents.
  • Correction of the link view under macOS Big Sur: This issue was identified and resolved together with the verinice community.
  • Acceleration of VNA export for scopes with more than 20,000 elements.

Data protection module 3 for verinice (German only) is also available in a revised perspective. It now includes the BSIG 8b notification form for data protection incidents for the respective perspective (IT-Grundschutz and ISO/ISM). This also applies to the Risk Catalog Plus incl. data protection module, which is aimed in particular at energy network operators who have to implement the mandatory IT security catalog and the requirements contained therein in accordance with Section 11 (1a) EnWG (based on DIN ISO/IEC 27001:2017, DIN ISO/IEC 27002:2017, ISO/IEC 27005:2018 and DIN EN ISO/IEC 27019:2020). In addition, the data protection module for the Basic Protection Perspective has been updated to the new Basic Protection Compendium Edition 2021. 

verinice 1.23 is scheduled for week 40 (October 4-8, 2021). The planning for this can be viewed in the verinice.FORUM. Native support for Apple M1, an update to Java 11 and an update of the RCP framework are already set. A decision on the CentOS successor should also be made by the time of the release in the fall.

Update: 1.22 to 1.22.1

With verinice 1.22.1, the verinice.TEAM fixes an error when updating a modelled information network to Edition 2021 of the IT-Grundschutz Compendium. Mistakenly, changes from the previous edition 2020 were not deleted during the remodelling but kept as "new" changes from the edition 2021. The problem is described in detail in this post in the forum: https://forum.verinice.com/t/kompendiums-update-von-8-0-und-8-1-auf-9/1337. The problem can be easily corrected in verinice 1.22.1 by remodelling with the new version 9.1 of the IT-Grundschutz-Kompendium of Edition 2021 published in parallel. For each update (remodelling) from one edition of the IT-Grundschutz-Kompendium to a newer one, at least verinice 1.22.1 must be used!

IT-Grundschutz-Kompendium 9.1 Edition 2021

With the **IT-Grundschutz-Kompendium 9.1 Edition 2021**, the verinice.TEAM provides a new version of the IT-Grundschutz-Kompendium to correct the error fixed with verinice 1.22.1 when updating the IT-Grundschutz-Kompendium. The new version replaces the previous one with the same content, but the newer release tag [2021-1] enables the correction through simple re-modelling. Users who have modelled an information network without updating from a previous edition with the previous version *IT-Grundschutz-Kompendium 9 Edition 2021* can continue to use it. An update from version 9 to version 9.1 is not required. Note: For each update (remodelling) from one edition of the IT-Grundschutz-Kompendium to a newer one, at least verinice 1.22.1 must be used!


Excerpt from the agenda of verinice.XP 2021, day 1

The final program for verinice.XP 2021 is online. For the first time, the conference will take place completely in digital form on February 24 and 25. The speakers will give their presentations live via Zoom – participants can follow the conference flexibly from any location. The agenda is published on the conference website, tickets are available for 99 euros.

The main language of the conference is German; have a look at this article about the program. If you would be interested in a verinice.XP in English or a workshop, please contact us at verinice@remove-this.sernet.de.

About verinice.XP

verinice.XP is the conference for users of the open source ISMS tool verinice.

For years, verinice.XP has brought together IT decision-makers, security managers and data protection officers from companies, institutions and public authorities. They all share the use of verinice for information security management or data protection management.


With verinice, SerNet GmbH provides the only open source tool for the management of information security (ISMS). In order to grow dynamically and to further advance the development of the software, the team is looking for additional members with immediate effect.

Three positions are currently open:

The verinice.TEAM works distributed at the locations Berlin (Mitte) and Göttingen (headquarters of SerNet). Interested parties can apply for both locations. Details on tasks, requirements and benefits are included in the respective job description.

About verinice.

verinice is the only tool for information security management under open source license. It is in use in 4 German states and in more than 40 federal authorities, as well as in a large number of municipalities, public utilities and other public sector institutions, especially in critical infrastructures. For the industrial sector, verinice supports not only the IT Baseline Protection of the BSI but also the ISO 27001 and is used here by companies throughout Europe and also by the Council of the European Commission or European national banks.

Working at SerNet

You can find more information from SerNet about the working environment online, as well as further information about training, studying and women in STEM professions. Furthermore, you can read here how we deal with COVID-19 and working from home.

For questions about the positions or to apply (PDF format), please contact SerNet Managing Director Reinhild Jung at jobs@remove-this.sernet.de.



Press contact:

Claudia Krell
presse@remove-this.sernet.de

© SerNet GmbH, 2024