The Federal Office for Information Technology (BSI) has fundamentally revised its minimum standard for Mobile Device Management (MDM). Version 2.0 updates the requirements document, which was first published in 2017, to the state of the art and expands the catalog of requirements. The requirements for IT security in the minimum standards of the BSI are binding for the federal government and its authorities. However, many companies also voluntarily follow them.
The MDM 2.0 minimum standard fundamentally changes the structure of the document, but also introduces new requirements in terms of content, including in the areas of strategy, working methods and operational processes.
Old standards have also been revised, harmonized with the current IT baseline protection compendium and compared with the current Common Criteria protection profile for Mobile Device Management – Trusted Server.
BSI minimum standards are intended to ensure cyber security
MDM systems are used to integrate and manage mobile devices such as smartphones and tablets in the IT systems of federal authorities. The aim of the MDM minimum standard is therefore to “establish a uniform minimum level of security with effective measures to defend against cyber attacks within the heterogeneous landscape of authorities”. The BSI also publishes minimum standards for eight other areas of the federal IT landscape. Since 2021, the IT Security Act 2.0 has also legally obligated the federal government to comply with the requirements.
The overview of changes lists that BSI on its own websitethe document itself stands as a PDF ready for download. In addition, the formulated requirements have now been compiled in an overview table, which is also downloadable.