1.5 Additional Aids

Through its recommendations for standard security safeguards the IT Baseline Protection Manual offers direct assistance with the implementation of IT security. In addition, several further aids are available for daily work with IT security. These aids fall into two broad categories, software and programs, and secondary documents.

Software tools

There are currently three software tools available for IT baseline protection. These are as follows (further information on these tools will be found in the annex):

• BSI IT Baseline Protection Tool. This tool, which was commissioned by the BSI, supports the entire process involved in drawing up a security concept aimed at achieving IT baseline protection, the target versus actual comparison, implementation of the safeguards and the subsequent security audit. In addition it is possible from the tool to access the text of the manual in electronic form. A reporting structure capable of being tailored to suit a given organisation provides support to the IT Security Officer as he goes about implementing IT baseline protection.

• BSI USEIT tool. This tool, which was commissioned by the BSI, enables a UNIX administrator to perform an automated check as to whether the technical settings of a UNIX system are consistent with IT baseline protection. The tool can be used for the common variants of UNIX including Linux. It can also be used to assist with security audits of UNIX networks, firewalls and WWW servers based on UNIX.

• Chiasmus for Windows. An encryption program which can be used under a Windows interface was developed by the BSI specially to meet administrative needs in Germany. It is also possible to physically delete files using this tool.

Secondary documents

To supplement the IT Baseline Protection Manual, a number of additional documents are available. Some of these were written by the BSI and some of them have been made available to the BSI for further distribution free of charge by users of the manual. A list of the aids available is provided in the annex.

At this point we would like to mention a few of these aids:

• example of an information security policy,

• example set of terms of reference for IT Security Officers,

• example of user rules for electronic communications services,

• example of a contract for the disposal of data media,

• example of an office agreement regarding e-mail and the Internet,

• set of viewfoils for making presentations on IT baseline protection to managers, those responsible for IT and employees, and

• record sheets when gathering information relevant to IT baseline protection.

Tools which have been developed by users of the IT Baseline Protection Manual and are made available here to other users can save the "IT security community" considerable work in that they obviate the need to continually reinvent the wheel. Tools can be forwarded to the BSI via the IT Baseline protection Hotline (0228/9582-369 or gshb@bsi.bund.de). Currently not all additional material is available in English.