What the BSI IT-Baseline Check evaluates
The BSI IT-Baseline Check evaluates your information security maturity against BSI Standards 200-1, 200-2, and 200-3. You receive a protection level (baseline, standard, core) and concrete BSI building blocks for your organization.
Legal foundations
BSI Standards 200-1 (ISMS), 200-2 (IT Baseline Methodology), 200-3 (Risk Management); BSIG; NIS2UmsuCG 2026.
How the check works
1. Choose organization size and industry
2. Answer 16 questions on network security, backup, access management, awareness
3. Receive a protection-level assessment with baseline building blocks
Your benefits
• Free and without registration
• Based on current BSI Standards 200-1/2/3
• Cross-references to NIS2UmsuCG
• Legal status April 2026
Frequently asked questions
- What is the difference between baseline, standard, and core protection?
- Baseline covers fundamental minimum security; standard meets BSI recommendations across the board; core protection focuses on mission-critical processes with high protection needs.
- Is an ISO 27001 certification equivalent?
- BSI IT-Baseline is compatible with ISO 27001. A BSI Baseline certification can count as ISO 27001 at the same time (BSI IT-Baseline on the basis of ISO 27001).
- How often should maturity be re-evaluated?
- BSI recommends re-evaluation at least annually, and immediately after major infrastructure changes or security incidents.
This initial assessment is not legal advice and does not replace consultation with a qualified lawyer. Legal status: April 2026.
