CERT-Bund is the national Computer Emergency Response Team of Germany’s Federal Office for Information Security (BSI). It serves as the central contact point for IT security incidents in Germany and coordinates the response to cyber threats at the national level.
For an ISMS in Germany, CERT-Bund is an important information source: it publishes warnings, advisories, and situation assessments on current vulnerabilities and threats. This information feeds into risk analysis under ISO 27001 Clause 6.1.2 and vulnerability assessment under Annex A control A.8.8. Critical infrastructure operators (KRITIS) are legally required to report incidents to the BSI (and thus indirectly to CERT-Bund). Even non-KRITIS organizations benefit from subscribing to CERT-Bund advisories.