Published on

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. Bundesamt für Sicherheit in derInformationstechnikFederal Agency for Security inInformation TechnologyIT Baseline Protection ManualOctober 2000
  2. 2. IT Baseline Protection Manual Standard Security Measures Version: October 2000
  3. 3. IT Baseline Protection of Generic Components_________________________________________________________________________________________PrefaceThe IT Baseline Protection Manual contains standard security safeguards,implementation advice and aids for numerous IT configurations which aretypically found in IT systems today. This information is intended to assistwith the rapid solution of common security problems, support endeavoursaimed at raising the security level of IT systems and simplify the creation ofIT security policies. The standard security safeguards collected together inthe IT Baseline Protection Manual are aimed at a protection requirementwhich applies to most IT systems.For the majority of IT systems, this considerably facilitates the task ofdrawing up a security policy, hitherto a labour-intensive process, by eliminating the need forextensive, and often complex, analyses of threats and probabilities of occurrence. If the manual isused, all that is required to identify security shortcomings and specify appropriate security measures isto compare the target safeguards presented here with the actual safeguards in operation.The IT Baseline Protection Manual has been created so that it can be continuously updated andextended. It is revised every six months to incorporate suggestions for improvements, additionalmaterial and reflect the latest IT developments. I would like to thank those users of the IT BaselineProtection Manual who have contributed to this version.Dr. Dirk Henze_________________________________________________________________________________________IT-Baseline Protection Manual: Otober 2000
  4. 4. IT Baseline Protection of Generic Components_________________________________________________________________________________________Whats new in the October 2000 version of the IT Baseline Protection ManualMargin notesOn the replacement pages, margin notes have been inserted in the Comments column. These marginnotes are intended as keyword pointers to the content of the material contained in each section of thedocument.FootersPages which have been added to the manual for the first time or have had their content updated can beidentified by the entry "October 2000" in the footer. Where the only change to have been made on apage is the change of spelling to comply with the new spelling rules or the addition of margin notes,the issue date shown in the footer has not been changed. In this way it is possible to tell directly fromthe footers which pages have had their content changed.WWW pages on IT baseline protectionThe Bundesamt für Sicherheit in der Informationstechnik (BSI, German Information Security Agency)can also be found on the Internet. You can read about the latest developments in IT baseline protectionon the BSIs website at This site contains a forum for presenting thelatest information on the IT Baseline Protection Manual.Updating and revisionNo structural changes have been made in the new edition. The numbering of existing threats andsafeguards has been retained so that a security policy prepared on the basis of last years IT BaselineProtection Manual does not need to be revised. Nevertheless, we recommend that users read theselected safeguards in the revised version in full to enable them to take these new items intoconsideration and, if appropriate, brush up their knowledge of IT security issues. To identifyaccurately which parts of the documents have been changed, please refer to the Word versioncomparison which is contained on the CD in the ../VGL directory (currently German version only).Development to meet users needsThe manual has been developed further to meet the needs expressed by registered users during theyear.The following new modules have been prepared for the 2000 version: 3.0 IT Security Management 7.6 Remote Access 8.6 Mobile TelephonesChanges in the contentChapters 1 and 2 have undergone substantial change of content. In this revised version the previousChapter 1 "IT Security Management" has been integrated into the modules of the manual.IT Baseline Protection CertificateAs the IT Baseline Protection Manual with its recommendations as to standard security safeguards hascome to assume the role of an IT security standard, it is fitting that it should be used as a generallyrecognised set of IT security criteria. Having received frequent enquiries as to whether it is possible to_________________________________________________________________________________________IT-Baseline Protection Manual: Otober 2000
  5. 5. IT Baseline Protection of Generic Components_________________________________________________________________________________________have the security level certified, the BSI has decided to develop a Baseline Protection Certificate. Therelevant technical details are to be found in Section 2.7 "IT Baseline Protection Certificate".CD-ROMA revised electronic version will be available approx. six weeks after publication of the printededition. Anyone wishing to receive this CD version should send a stamped (DM 3 if within Germany)addressed envelope (C5 format) to the following address: Bundesamt für Sicherheit in der Informationstechnik (German Information Security Agency) BSI IT Baseline Protection CD-ROM Postfach 20 03 63 D-53133 Bonn GERMANYManagement reportThe last few pages of the manual contain a list of registered users of the IT Baseline ProtectionManual. This list provides a summary of the industries, companies and official bodies in which ITbaseline protection is used._________________________________________________________________________________________IT-Baseline Protection Manual: Otober 2000
  6. 6. IT Baseline Protection of Generic Components_________________________________________________________________________________________Table of Contents1 Finding Your Way Around the IT Baseline Protection Manual1.1 IT Baseline Protection: The Aim, Concept and Central Idea1.2 Structure and Interpretation of the Manual1.3 Using the IT Baseline Protection Manual1.4 Brief Outline of Existing Modules1.5 Additional Aids1.6 Information Flow and Points of Contact2 Using the IT Baseline Protection Manual2.1 IT Structure Analysis2.2 Assessment of protection requirements2.3 IT Baseline Protection Modelling2.4 Basic Security Check2.5 Supplementary Security Analysis2.6 Implementation of IT Security Safeguards2.7 IT Baseline Protection Certificate3 IT Baseline Protection of Generic Components3.0 IT Security Management3.1 Organisation3.2 Personnel3.3 Contingency Planning Concept3.4 Data Backup Policy3.5 Data Privacy Protection3.6 Computer Virus Protection Concept3.7 Crypto Concept3.8 Handling of Security Incidents4 Infrastructure4.1 Buildings4.2 Cabling4.3 Rooms 4.3.1 Offices 4.3.2 Server Rooms 4.3.3 Storage Media Archives_________________________________________________________________________________________IT-Baseline Protection Manual: Otober 2000
  7. 7. IT Baseline Protection of Generic Components_________________________________________________________________________________________ 4.3.4 Technical Infrastructure Rooms4.4 Protective Cabinets4.5 Working Place At Home (Telecommuting)5 Non-Networked Systems5.1 DOS PC (Single User)5.2 UNIX System5.3 Laptop PC5.4 PCs With a Non-Constant User Population5.5 PC under Windows NT5.6 PC with Windows 955.99 Stand-Alone IT Systems Generally6 Networked Systems6.1 Server-Supported Network6.2 UNIX Server6.3 Peer-to-Peer Network6.4 Windows NT Network6.5 Novell Netware 3.x6.6 Novell Netware 4.x6.7 Heterogeneous Networks6.8 Network and System Management7 Data Transmission Systems7.1 Exchange of Data Media7.2 Modem7.3 Firewall7.4 E-Mail7.5 WWW Server7.6 Remote Access8 Telecommunications8.1 Telecommunications System (Private Branch Exchange, PBX)8.2 Fax Machine8.3 Answering Machine8.4 LAN connection of an IT system via ISDN8.5 Fax Servers8.6 Mobile Telephones9 Other IT Components_________________________________________________________________________________________IT-Baseline Protection Manual: Otober 2000
  8. 8. IT Baseline Protection of Generic Components_________________________________________________________________________________________9.1 Standard Software9.2 Databases9.3 TelecommutingCatalogues of Safeguards and ThreatsSafeguards Catalogues Threats CataloguesS1 Infrastructure T1 Force MajeureS2 Organisation T2 Organisational ShortcomingsS3 Personnel T3 Human ErrorS4 Hardware & Software T4 Technical FailureS5 Communication T5 Deliberate ActsS6 Contingency planning_________________________________________________________________________________________IT-Baseline Protection Manual: Otober 2000
  9. 9. IT Baseline Protection of Generic Components_________________________________________________________________________________________IntroductionIT Baseline Protection - the Basis for IT SecurityIn our modern information and communication society,administrative tasks, both public and in industry, areincreasingly routinely supported by the use of informationtechnology (IT). Numerous work processes are electronicallycontrolled and large amounts of information are stored indigital form, electronically processed and transferred on localand public networks. Many tasks performed within both thepublic and private sectors are simply not possible without IT, while others can only be partiallyperformed without IT. Consequently many public or private sector organisations are totally reliant onthe correct functioning of their IT assets. An organisation can only achieve its objectives if IT assetsare used in a proper and secure manner.There are many ways in which organisations depend on the correct functioning of IT resources. Thefinancial success and competitiveness of companies is dependent on IT, so that ultimately jobsthemselves depend directly on the functioning of IT assets. Whole industrial sectors such as bankingand insurance, the car industry and logistics depend critically on IT today. At the same time, the well-being of every citizen also depends on IT, whether it is a matter of his job, satisfaction of his dailyconsumer needs or his digital identity in payment transactions, in communications and increasingly ine-commerce. As society becomes more dependent on IT, so the potential social damage which couldbe caused by the failure of IT resources increases. As IT resources of themselves are not without theirweaknesses, there is justifiably great interest in protecting the data and information processed by ITassets and in planning, implementing and monitoring the security of these assets.The potential damage which could result from malfunction or failure of IT assets can be assigned toseveral categories. The most obvious of these is loss of availability: if an IT system is out of service,no money transactions can be carried out, online orders are impossible and production processes grindto a halt. Another issue frequently discussed is loss of confidentiality of data: every citizen is aware ofthe necessity of maintaining the confidentiality of his person-related data, every company knows thatcompany-confidential data about its sales, marketing, research and development would be of interestto competitors. Loss of integrity (the corruption or falsification of data) is another issue which canhave major consequences: forged or corrupt data results in incorrect accounting entries, productionprocesses stop if the wrong or faulty input materials are delivered, while errors in development andplanning data lead to faulty products. For some years now, loss of authenticity, i.e. the attribution ofdata to the wrong person, has come to be regarded as another major aspect of the general concernregarding data integrity. For example, payment instructions or orders could be processed so that theyare charged to a third party, digital declarations of intent that have not been properly protected couldbe attributed to the wrong persons, as "digital identities" are falsified or become corrupt.This dependency on IT will only increase further in the future. Developments worthy of particularmention include the following:- IT penetration. More and more areas are coming to be supported by information technology. For example, a shift in consumer behaviour towards e-commerce is taking place, car and traffic routing technology is being perfected with IT support, intelligent domestic appliances are looming on the horizon, and even waste disposal containers fitted with microprocessors are now in use.- Increasing degree of networking. IT systems today no longer function in isolation but are becoming more and more heavily networked. Networking makes it possible to access shared data resources and to work closely with people in other parts of the world. This in turn leads not only to_________________________________________________________________________________________IT-Baseline Protection Manual: Otober 2000
  10. 10. IT Baseline Protection of Generic Components_________________________________________________________________________________________ dependence on the individual IT systems but increasingly also on the data networks. On the other hand, this means that security deficiencies in an IT system can rapidly spread across the world.- Propagation of IT resources. More and more areas are supported by information technology. For example a shift in consumer behaviour towards e-commerce is taking place, car and traffic routing technology is being perfected with IT support, domestic appliances can now be programmed and networked.- Greater power. The continuing trend towards miniaturisation is enabling an increase in the performance of hardware technology, so that ever more processor-intensive tasks can be shifted to decentralised computers or even to microprocessors. This is particularly evident in the area of smart card technology. Modern multi-function smart cards can be used to effect payment transactions, collect time-keeping information, enable access controls and perform highly complex mathematical encryption operations. The performance increase in the hardware also allows elaborate software algorithms, which a decade ago could only be performed on a mainframe computer, to be implemented in microcomputers. New ideas aimed at employing software as a kind of mobile code which, for example, could autonomously seek out competitively priced suppliers of certain goods on the Internet, are currently taking shape.All this implies a disproportionate increase in the potential threats, due to the co-existence andinteraction of multiple factors:- Dependence on IT and hence vulnerability is increasing, as described above.- Responsibility for implementing IT security measures is often spread over many individual persons. The complexity of the problems which can occur in the IT security area means that individuals with such responsibilities rapidly become out of their depth.- Knowledge of threats and IT security safeguards is inadequate. Because of the short length of time it takes to develop IT innovations, it is difficult to be fully informed as to all the new or newly discovered threats and the countermeasures that are necessary. In many cases there is also uncertainty as to what security measures are appropriate to counter a given threat.- Finally, the increasing functionality available actually broadens the front over which an IT system is vulnerable to attack. Security loopholes which could be exploited to perpetrate an attack are always being discovered in protocols and network services and also in local application software.- IT systems are progressively becoming more open towards the outside world, e.g. as a result of networking, Internet access and maintaining a presence on the Internet. But this only means that the number of persons who could potentially attack an IT system is increased.When considering the threat potential, a distinction should be made between loss or damage which isthe result of wilful action and that which is caused by "chance events". This latter category includesproblems which are the result of force majeure, technical failures, carelessness and negligence.Statistically, these "chance events" are the ones which, collectively, cause the most damage. Bycontrast, damage which is attributable to wilful action occurs more seldom, but when it does occur theconsequences are often more serious. The perpetrators may be driven by the desire for revenge, envyor personal enrichment, or they may simply find it fun to wreak havoc on IT systems. Both in thedeliberate and unintentional case, an additional distinction can be made as to whether the cause of thedamage lies within or outside of the company or agency. It should be noted in this context that most ITdamage which is the result of deliberate action can be attributed to "insiders".In view of the potential threats outlined above and the increasing dependence on IT resources, everyenterprise, whether a company or an official body, must ask itself several key questions regarding ITsecurity:_________________________________________________________________________________________IT-Baseline Protection Manual: Otober 2000
  11. 11. IT Baseline Protection of Generic Components_________________________________________________________________________________________- How secure are the IT assets of the organisation?- What IT security measures need to be taken?- How do these measures specifically need to be implemented?- How can an organisation maintain and/or improve the level of security it has attained?- How secure are the IT assets of other institutions with which the organisation works?When seeking answers to these questions, it should be noted that IT security is not just a technicalissue. Protection of an IT system to the level of security that is needed requires not only technicalsafeguards to be implemented but also measures covering organisational, personnel and buildinginfrastructural aspects, and, in particular, it is necessary to establish IT security management roleswhich will be responsible for designing, co-ordinating and monitoring the IT security-related tasks.If one now compares the IT assets of all institutions against the questions postulated above, a specialgroup of IT assets emerges. The IT assets in this group may be characterised as follows:- They are typically IT systems i.e. these systems are not individual solutions but are widely distributed.- The protection requirements of the IT systems with regard to confidentiality, integrity and availability are nothing out of the ordinary.- The secure operation of the IT systems requires standard security measures from the areas of infrastructure, organisation, personnel, technology and contingency planning.If it were possible to identify a common set of security measures for this group of "typical" IT systems- a set of standard security measures - then this would significantly assist answering the abovequestions for those "typical" IT systems. Many of the protection requirements of IT systems which lieoutside this group, possibly because the systems concerned are more unusual, customised systems orbecause they have very high protection requirements, can then be satisfied by implementing thestandard security measures, although ultimately these systems need to be considered separately.The IT Baseline Security Manual presents a detailed set of standard security measures which apply tovirtually every IT system. It provides:- standard security measures for typical IT systems with "normal" protection requirements,- a description of the threat scenario that is globally assumed,- detailed descriptions of safeguards to assist with their implementation,- a description of the process involved in attaining and maintaining an appropriate level of IT security and- a simple procedure for ascertaining the level of IT security attained in the form of a target versus actual comparison.Because information technology is a highly innovative area and is constantly undergoing furtherdevelopment, the present manual is designed to be easily updated and expanded. The BSI continuouslyupdates the manual and expands it to include new subjects on the basis of user surveys.The response to this is very positive. In the Annex to the manual you will find a list of some of theorganisations which use the IT Baseline Protection Manual. This list provides a summary of theindustries, companies and official bodies in which IT baseline protection is applied.As the manual is also held in high esteem internationally, an English-language version of it is alsoavailable in electronic form._________________________________________________________________________________________IT-Baseline Protection Manual: Otober 2000
  12. 12. IT Baseline Protection of Generic Components_________________________________________________________________________________________1 Finding Your Way Around the Info / Contacts IT Baseline Protection Manual Objectives / Concepts Application Structure / Interpretation1.1 IT Baseline Protection: the Aim, Concept and Central IdeaThe IT Baseline Protection Manual presents a set of recommended standard security measures or"safeguards", as they are referred to in the manual, for typical IT systems. The aim of these IT baselineprotection recommendations is to achieve a security level for IT systems that is reasonable andadequate to satisfy normal protection requirements and can also serve as the basis for IT systems andapplications requiring a high degree of protection. This is achieved through the appropriate applicationof organisational, personnel, infrastructural and technical standard security safeguards.To facilitate structuring and processing of the highly heterogeneous area of IT, including theoperational environment, the IT Baseline Protection Manual is structured in a modular fashion. Theindividual modules reflect typical areas in which IT assets are employed, for example client/servernetworks, buildings, communications and application components Every module begins with adescription of the typical threats which may be expected in the given area together with their assumedprobability of occurrence. This "threat scenario" provides the basis for generating a specific packageof measures from the areas of infrastructure, personnel, organisation, hardware, software,communications and contingency planning. The threat scenarios are presented in order to createawareness, and are not required any further for the creation of a security concept which affords ITbaseline protection. It is not necessary for users to perform the analysis work mentioned above, whichrequires considerable effort, in order to attain the security level that is needed for an averageprotection requirement. On the contrary, it is sufficient to identify the modules which are relevant tothe IT system or IT assets under consideration and to implement all the safeguards recommended inthose modules in a consistent manner.Using the IT Baseline Protection Manual, it is possible to implement IT security concepts simply andeconomically in terms of the resources required. Under the traditional risk analysis approach, first ofall the threats are identified and assigned a likelihood of occurrence, and the results of this analysis arethen used to select the appropriate IT security measures, following which the remaining residual riskcan be assessed. The approach adopted in the IT Baseline Protection Manual on the other handrequires only that a target versus actual comparison is performed between the recommended measuresand those already implemented. The security shortcomings which need to be eliminated throughadoption of the recommended measures are defined in terms of those security measures identifiedwhich are lacking and not yet implemented. Only where the protection requirement is significantlyhigher is it necessary to also carry out a supplementary security analysis, weighing up the cost-effectiveness of implementing additional measures. However, it is generally sufficient here tosupplement the recommendations made in the IT Baseline Protection Manual with appropriate tailoredand more stringent measures._________________________________________________________________________________________IT-Baseline Protection Manual: Otober 2000
  13. 13. IT Baseline Protection of Generic Components_________________________________________________________________________________________The safeguards listed in the IT Baseline Protection Manual are standard security measures, i.e.measures which should be implemented for the modules concerned using the latest availabletechnology in order to achieve a reasonable level of security. In some cases these safeguards alsoprovide a higher level of protection than that required simply to implement a baseline level ofprotection; nevertheless, they are the minimum security precautions which it is reasonable toimplement in the areas concerned.Security concepts which are drawn up using the IT Baseline Protection Manual are compact, since allthat is required within the concept is to reference the relevant safeguards in the manual. This makesthem easier to understand and view in perspective. To facilitate implementation of the recommendedmeasures, the safeguards are described in sufficient detail in the manual that they can serve as specificimplementation instructions. With regard to the technical terminology used, care has been taken toensure that the safeguard descriptions will be comprehensible to those who have to implement them.Accordingly, a distinction is made in the style and terminology used between safeguards which needto be implemented by an experienced administrator and those which a user is expected to implement.To simplify implementation of the safeguards, the text of the manual is also available in its entirety inelectronic form. In addition, implementation of the safeguards is also supported by aids and samplesolutions, some of which have been provided by the BSI and some by users of the manual.Bearing in mind the pace of innovation and version changes in the IT area, the IT Baseline ProtectionManual has been designed so as to make it easy to expand and update. It therefore has a modularstructure incorporating modules and catalogues and, as a collection of loose-leaf sheets, it is easy toexpand. The BSI re-works and updates the existing modules at regular intervals in order to keep therecommendations made in the manual in line with the latest technological developments. In addition,new modules are regularly added to the existing body of documentation. In updating the IT BaselineProtection Manual, the BSI is guided by requests expressed by users which are obtained regularlyfrom surveys. Only in this way can it be sure that in the long-term the document evolves in line withusers’ requirements. The BSI therefore offers all users the opportunity to register on a voluntary basis.Registration is free of charge. Registered users received information at regular intervals about topicalsubjects. Its pool of registered users also serves as the basis for its user surveys. It is only through acontinuous exchange of experiences with users of the manual that the document can evolve in amanner which reflects users’ needs. One of the aims of the BSI’s efforts here is to be able to give up-to-date recommendations on the kinds of IT security problems currently actually experienced.Recommendations which are not continuously updated and expanded rapidly become out of date orelse of necessity they become so generic that they fail to deliver the intended benefit of identifyingsecurity weaknesses and simplifying the specific task of implementing security measures._________________________________________________________________________________________IT-Baseline Protection Manual: Otober 2000
  14. 14. IT Baseline Protection of Generic Components_________________________________________________________________________________________1.2 Structure and Interpretation of the ManualThe IT Baseline Protection Manual is divided into five main areas. To facilitate understanding of themanual, a brief explanation is provided here of each of these areas.Introduction and procedureThis first section comprises Chapters 1 and 2. These chapters introduce the concept of IT baselineprotection, present guidance as to how to use the manual and how to move between topics in themanual, and discuss the procedure to be adopted in drawing up a security concept which affords ITbaseline protection. To understand the manual, it is important to work through Chapter 2. Thisdescribes in detail what steps are necessary in order to achieve a "baseline protection" level of ITsecurity. In particular, it explains how to map an existing IT infrastructure onto the various manualmodules and how to perform and document a target versus actual comparison where the target state ofaffairs corresponds to IT baseline protection.ModulesThe second section of the manual comprises Chapters 3 to 9. These chapters contain the threatscenario and the safeguards that are recommended for various components, procedures and ITsystems. In each case the relevant safeguards are gathered together in a single module. They arelogically grouped into the following chapters: Chapter 3: IT Baseline Protection of Generic Components Chapter 4: Infrastructure Chapter 5: Non-Networked Systems Chapter 6: Networked Systems Chapter 7: Data Transmission Systems Chapter 8: Telecommunications Chapter 9: Other IT ComponentsThreats CataloguesThis section of the manual contains detailed descriptions of the threats which are included in the threatscenarios for the individual modules. The threats are grouped into five catalogues: T1: Force Majeure T2: Organisational Shortcomings T3: Human Error T4: Technical Failure T5: Deliberate ActsSafeguards CataloguesThis section provides detailed descriptions of the IT security safeguards mentioned in the variousmodules of the manual. The measures are grouped into six catalogues of safeguards: S 1: Infrastructural safeguards S 2: Organisational safeguards S 3: Personnel safeguards S 4: Safeguards relating to hardware and software S 5: Communications safeguards S 6: Contingency planning safeguards_________________________________________________________________________________________IT-Baseline Protection Manual: Otober 2000
  15. 15. IT Baseline Protection of Generic Components_________________________________________________________________________________________AnnexesThe last section of the manual contains supplementary aids, forms, brief descriptions of tools coveringall aspects of IT baseline protection and a list of registered users of the manual.Interpretation of the manualThe modules, which all have the same structure, form the most important part of the IT BaselineProtection Manual. Each module starts with a brief description of the component, procedure or ITsystem under consideration.This is followed by a description of the threat scenario. The threats here are divided into theaforementioned categories of Force Majeure, Organisational Shortcomings, Human Error, TechnicalFailure and Deliberate Acts.To make it easier to see which modules are relevant and to avoid redundancies, in each case only areference is provided to the text in which the threat is described in more detail. An example isprovided below as to how a threat would be cited within a module: - T 4.1 Disruption of power supplyIn the code T x.y, the letter "T" stands for threat. The number x before the decimal point refers to theThreats Catalogue (in this case T 4 = Technical Failure) and the number y after the decimal point isthe serial number of the threat within the catalogue concerned. This is followed by the name of thethreat. It is recommended that the user then reads the text of the threat referenced for the sake ofgaining awareness and understanding the safeguards which apply, but it is not absolutely essential toread this text in order to be able to draw up an IT security concept on the basis of the IT BaselineProtection Manual.The recommended safeguards which are listed after the section on the threat scenario constitute themajor part of a given module. Brief information is presented first of all on the safeguard packageconcerned. In some modules these statements contain, for example, information on the recommendedsequence to follow in implementing the necessary safeguards.As was done with the threats, the safeguards themselves are grouped according to the headings in theSafeguards Catalogues, i.e. in this case, under the headings Infrastructure, Organisation, Personnel,Hardware & Software, Communications and Contingency Planning. The same procedure is followedas in the handling of threats, i.e. in each case only a reference is provided to the relevant safeguard. Anexample is provided below as to how a recommended safeguard would be cited within a module: - S 1.15 (1) Closed windows and doorsIn the code S x.y, "S" refers to a safeguard, and the number x before the decimal point refers to theSafeguards Catalogue (in this case S 1 = Infrastructure). The number y after the decimal point is theserial number of the safeguard within the relevant catalogue.The number in brackets - in this case (1) - assigns a priori