Zum Hauptinhalt springen
CENEDRIL WIKI
DE

Laws & Standards

The regulatory landscape for information security has grown significantly in recent years. Here you'll find overviews of the most important laws and standards from the DACH region and the EU — with practice notes, typical audit findings and mappings to ISO 27001 controls.

What's here?

Laws are binding; standards structure the implementation. GDPR, NIS2 or the German IT-Sicherheitsgesetz are obligations — ISO 27001, BSI Grundschutz or NIST CSF show you how to meet them. The split here mirrors that: duties first, tools second.

Every page explains scope, core requirements and typical pitfalls, and links to the ISO 27001 Annex A controls that operationalise the requirements.

Laws 14

Binding regulations from the EU, Germany and Switzerland with information-security relevance.

BDSG — German Federal Data Protection Act Law · DE BSIG — Act on the German Federal Office for Information Security Law · DE Cyber Resilience Act — CRA Law · EU DORA — Digital Operational Resilience Act Law · EU FADP — Swiss Federal Act on Data Protection Law · CH FINMA Circular — Operational Risks (Switzerland) Law · CH GDPR — General Data Protection Regulation Law · EU GeschGehG — Trade Secrets Act Law · DE HGB & AO — German Commercial Code and Tax Code Law · DE ISG — Swiss Information Security Act Law · CH IT-Sicherheitsgesetz 2.0 (Germany) Law · DE KonTraG — Act on Control and Transparency in Business Law · DE NIS2 Directive — EU Cybersecurity Directive Law · EU TTDSG — Telecommunications Telemedia Data Protection Act Law · DE

Standards 10

International and industry-specific frameworks for the structured implementation of information security.

BAIT & VAIT — BaFin IT Requirements for Banks and Insurers Standard · BaFin BSI C5 — Cloud Computing Compliance Criteria Catalogue Standard · BSI BSI IT-Grundschutz — 200-x Standards and Compendium Standard · BSI CIS Controls — 18 prioritised security controls Standard · CIS ISO 22301 — Business Continuity Management Standard · ISO ISO/IEC 27001 — Information Security Management System Standard · ISO ISO/IEC 27002 — Information Security Controls Guidance Standard · ISO ISO/IEC 27005 — Information Security Risk Management Standard · ISO NIST Cybersecurity Framework — Govern, Identify, Protect, Detect, Respond, Recover Standard · NIST TISAX — Trusted Information Security Assessment Exchange Standard · ENX