CSIRT (BSI)
Computer Security Incident Response Team
Practitioner's note: This article is practice-oriented compliance documentation, not legal advice. We are a compliance specialist, not a law firm. For legally binding information please consult a licensed lawyer.
TL;DR
The CSIRT is the national point of contact for cyber security incidents. Under NIS2 Article 11 + Section 32 BSIG, the BSI is the German CSIRT — it receives reports, coordinates response, and warns other entities.
What is the CSIRT (BSI)?
BSI CSIRT tasks:
- Receive incident reports (24/7)
- Early warnings to other entities
- Incident coordination at national + EU level
- Forensic support on request
- Threat intelligence sharing
Reports to: bsi.bund.de/meldungen or by telephone at 0800-274-1000.
Practical example
Ransomware incident: 24-hour initial report via the BSI portal. The CSIRT provides telephone consultation. For critical infrastructure: on-site support is possible.
Frequently asked questions
Is reporting anonymous?
No, identification is required. The CSIRT also assists with sensitive data.
International coordination?
Yes, ENISA network + sectoral CSIRTs (e.g. banks: ECB-CSIRT).