ZeDIS: standardised basic protection tool for the federal administration

January 15, 2025

Central Information Security Service standardises and optimises basic IT protection for federal authorities

The federal administration is relying on centralised software for optimised basic IT protection. This software is based on the market-proven GRC solutions from the German company HiScout. As part of the Central Service for Information Security (ZeDIS) project, the tool supports authorities in implementing the BSI requirements for basic protection, thus ensuring a high level of security and compliance. ZeDIS is part of the effort to standardise the federal government’s IT landscape and optimise security across all authorities.

At the end of 2016, support for the GSTOOL, the standardised IT-Grundschutz tool provided free of charge by the BSI, was discontinued. Since this tool was in use at the federal administration, a new, modern solution was sought that could be implemented in all federal authorities. The solution had to meet numerous requirements. These included, among other things, a mapping of the BSI’s current IT baseline protection standards and full support for the procedure according to BSI standards 200-1, 200-2 and 200-3. In addition, the effort required to design the security concept in line with IT baseline protection should be significantly reduced and the security concept should be able to be recorded more efficiently than before. Importing data from GSTOOL and other data sources as well as collecting data decentrally using automated questionnaires were also important.

ZeDIS as Software as a Service for federal authorities

ZeDIS now allows all authorities within the direct federal administration to use the HiScout GRC Suite. The tool is implemented as Software as a Service (SaaS) and simplifies the creation, management and updating of information security concepts. ZeDIS is provided by ITZBund and helps authorities to efficiently and consistently manage protection requirement analyses, risk assessments and action plans. At the same time, the tool ensures consistent documentation that meets the requirements for audits and certifications.

‘ZeDIS eliminates the need for individual solutions and standardises the important topic of basic IT protection,’ says Sascha Kreutziger, Head of Business Development at HiScout GmbH. ‘This will enable authorities to carry out IT baseline protection analyses more efficiently and make it easier to create reports for audits and certifications. We are, of course, very pleased that the federal administration relies on the HiScout GRC Suite to implement IT baseline protection consistently in public authorities and establish appropriate standards.’

Extension of the baseline protection tool to include further applications

In addition to IT-Grundschutz, ZeDIS includes a total of three HiScout modules:

  • The HiScout Grundschutz module is the market-leading BSI IT-Grundschutz tool and fully implements BSI standards 200-1, 200-2 and 200-3. The tool offers tools for the structured analysis of protection needs, for creating risk assessments and for managing measures. The software simplifies certification according to BSI standards and ensures efficient and comprehensible documentation.
  • The basic protection module can also be extended to include HiScout BCM. This module enables comprehensive planning and management of business continuity management based on the data collected for the basic protection. This allows for the centralised control of emergency concepts, recovery plans and risk analyses. It also ensures compliance and guarantees that authorities remain capable of acting even in crisis situations.
  • HiScout Data Protection module provides a central platform for managing all data protection processes in accordance with the EU GDPR and other data protection standards. It helps to manage records of processing activities, data protection impact assessments and the tracking of measures. The module thus helps authorities to meet legal requirements and improves transparency in all data protection matters.

In addition, the module can be configured to meet the specific requirements of the authorities using it.

Further information on ZeDIS can be found here: and here: Central Information Security Service (ZeDIS) – Central Information Security Service (ZeDIS) – ITZBund.

Related Articles

Euralarm releases new white paper on fire alarm sensors

Euralarm releases new white paper on fire alarm sensors

Euralarm has published a White Paper on multi-sensor fire detectors and how these devices can help to reduce false alarms. The document is intended for fire safety professionals, building managers, and regulatory authorities. Fire detection is a critical component of...

Face recognition 2.0 from a great distance

Face recognition 2.0 from a great distance

LiDAR system from researchers at Heriot-Watt University impresses with extremely high resolution: Comparison of a LiDAR image with the original (Photo: Aongus McCarthy, hw.ac.uk) In the future, it will be possible to recognise a face from a distance of hundreds of...

‘SUPER’ races safely through treacherous terrain

‘SUPER’ races safely through treacherous terrain

Drones developed by engineers at the University of Hong Kong use LiDAR technology to orient themselves ‘SUPER’ is what roboticists at the University of Hong Kong (https://www.hku.hk/ ) call their new flying robot, which is designed to move through unfamiliar terrain...

Share This