KRITIS B3S public traffic sector (VDE 0832-700)

Datenschutz Grundverordnung Icon

Industry-specific safety standard

B3S public traffic sector (VDE 0832-700)

The transport and traffic sector has been subject to a number of additional legal security requirements since the IT Security Act, if a plant is classified as Critical Infrastructure (KRITIS). The BSI-KritisV defines threshold values for when a plant is to be regarded as a critical infrastructure.  The threshold value for traffic control and guidance systems in municipal road traffic is 500,000 supplied inhabitants.

In order to meet the legal requirements to implement and maintain IT security measures in accordance with the "state of the art", companies that are considered critical infrastructure in the sense of the law must implement the industry-specific safety standard (B3S) for road traffic. The core requirement of the B3S is the establishment of ISMS in accordance with ISO/IEC 27001:2013, taking into account the industry-specific requirements. These were defined in the VDE standard DIN VDE V 0832-700, which was prepared by DKE/AK 355.0.5 [before DKE/AK 713.3.5] "Protective measures against unauthorized access".

The deadline for the implementation and review of the B3S expires in June 2019. In addition, KRITIS companies are also subject to an obligation to report significant IT disruptions to the BSI.

The scope of this guideline covers in particular the entire digital infrastructure of road traffic technology with its control and guidance systems. This includes the entire IT-supported control technology, programming- and parameterization devices, network-, telemetry- and remote control technology as well as all programs and applications used. Processes within the application area deal with the decentralized road traffic signal system, data acquisition, central control and service processes.

We support various company divisions in the transport sector in meeting the legal requirements.

Our solutions for companies in the road transport sector:

  • Structure of ISMS according to ISO/IEC 27001:2013
    • Organizational and technical gap analyses
    • Creation of security guidelines, processes and procedures
    • ISMS implementation at organizational level according to ISO/IEC 27001:2013 as well as the BSI-100 series (basic protection)
    • Safety concepts / controls according to ISO/IEC 27002:2013 and DIN VDE V 0832-700
    • ISMS operationalization
    • ISO/IEC 27001 certification support
  • We implement the organizational measures from Security Management (e.g. ISMS) in a technically effective way.
  • Security Monitoring for the earliest possible detection and resolution of problems
  • Incident Response
    • Establishment of an own Incident Response Team (CSIRT/CERT)
    • Establishment of a Security Operating Center (SOC)

KRITIS operators must have an independent audit of the implemented measures carried out by 29 June 2019.

In all solutions for the transport sector, the focus is always on the technical and operational effectiveness of the measures.

If you do not fall under the threshold values of the BSI Critis Regulation, we offer further solutions tailored to your needs for the transport sector.

Your contact person


Andreas Eichmann

Senior account manager
Tel. +49 2173 20363-0

Reference projects

  • Implementation B3S W/A
    • 9 KRITIS operators water sector
  • Technical securtiytests
    • Water & waste water organisations
  • Implementation ISMS
    • Water & waste water organisations

more reference projects...

Committee work

  • Spiegelgremium NA 043-01-27
    • DIN
  • ISO IEC JTC1 SC27 (WG3 und WG4)
    • ISO
  • AG "WI-5.4 Cyber-Sicherheit"
    • DWA

more committee work...


  • Operationalization of network operator ISMS
    • AK IT-SiBe EVU
    • Nov 2016
  • Development of an ISMS at an area network operator
    • VDE Symposium
    • Sep 2016
  • IT Security Law: What is in store for you
    • it-sa 2015
    • Oct 2015

more lectures...


  • KRITIS security standard for the water sector
    • WasserWirtschaft
    • Nov 2017
  • KRITIS security standard for the water sector
    • wlb - Wasser, Luft und Boden
    • Sep 2017
  • KRITIS security standard for the water sector
    • gwf Wasser + Abwasser
    • Jul 2017

more publications...