New version of IT-Grundschutz Module for Qubes Client

Brief summary

Although Qubes is able to provide a high level of security, like with any other operating system this can be subverted by sufficient stupid usage. Installation, configuration, and usage may be done in such a way that the excellent features of the system are wrongly used or not used at all.

In order to help users set up a secure operating environment, the German Federal Office for Information Security (BSI, Bundesamt für Sicherheit in der Informsationstechnik) has defined an excellent standard covering most relevant issues, in a much more detailed way than is done in ISO 27001. The standard is called IT-Grundschutz (something like baseline security) and covers about 100 areas, called modules. In the area of operating systems, there are, among others, modules for Windows, Unix, and macOS.

As a module for Qubes OS could be helpful, I have provided such a module which is available from the BSI server. In order to reflect changes that occurred in the last two years, I have now updated this module, removed one threat that is no longer relevant, and added three more requirements describing options for the installation of more exotic software.

Additional context

A draft version of the module is here:
Any comments, corrections, and suggestions for improvement are highly welcome!
In a few weeks, the German version of the module will be published as a user module on the webserver of the BSI. If the BSI sees sufficient interest in this module, it can be promoted to be a part of the standard.


Thanks @GWeck for keeping this valuable resource up to date!