Addressing BSI TRs as requirements sources

Description

• According to OZG_11, the binding standards for IT security established by the federal government and the BMI must be applied. This refers to §5 OZG
• According to OZG_12, the BMI may, in consultation with the IT Planning Council, issue statutory regulations setting out binding architectural specifications, quality requirements, and interoperability standards. This refers to §6 OZG.
• Therefore, the BMI security standards are in fact referring to the BSI IT Grundschutz, which need to be addressed within the scope of this project

Background information

-> The NEO relevant BSI TRs are documented in the RE sources table (see below)

-> They were under prioritized in relation to prio 1 sources.

-> BSI TRs need to be however addressed anyway.

• Reference issue: None yet
• External link: Sources table
• The following people may help during the clarification:

Priority

• low (sometime in the future...)
• medium (important for the current project phase, no project delay yet according to sprint planning)
• high (important for the next sprint)
• utmost urgent (needs to be resolved during the current sprint)

History (documented by team::requirements)

• 2025-11-06 : BSI TRs were set as prio 2.
• 2025-12-02: This ticket was created to track the progress of addressing BSI TRs as Neo-relevant requirements sources.

Next steps (defined by team::requirements)

• Read BSI TRs documented in the RE resources table.
• Derive Neo relevant requirements, and include them in our RE table.