BSI IT-Grundschutz is the German public sector's reference methodology for information security, structured around BSI-Standard 200-1 (the ISMS), 200-2 (the IT-Grundschutz methodology) and 200-3 (risk analysis), with the IT-Grundschutz-Kompendium supplying the building blocks (Bausteine) and their requirements.
Cybsis maps the building blocks and their requirements into the same asset, business-process, risk, control, and document model as the rest of the catalogue, so a German buyer works against IT-Grundschutz in German rather than a translated ISO crosswalk. The three protection levels — Basis-, Standard- and Kern-Absicherung — scope how much of the Kompendium applies.