Add DIN SPEC 27076

[lfrancke]

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/KMU/CyberRisikoCheck/CyberRisikoCheck_node.html

https://www.dinmedia.de/de/technische-regel/din-spec-27076/365252629

I can try to extract the controls if you decide to implement this.

[ab-smith]

Yes please, that would be helpful. An excel sheet should be good for me @lfrancke . We can interact and iterate over Discord to get it done.

[lfrancke]

I took the PDF and extracted all the relevant requirements from Appendix A.
It's only available in german I'm afraid.

DIN SPEC 27076.xlsx

This is the structure:

• Nr: Identifier
• TOP: Top requirements are more or less "must haves", they can give negative points
• Themenbereich: Topic area, there are six of them
• Anforderung: Requirement, this is what needs to be fulfilled to score full points
• Leitfrage: DIN SPEC 27076 is done in the form of an interview and these are the questions that have to be asked verbatim by the interviewer
• Statuspunkte: The number of points to be gained when a requirement is fulfilled or lost when it's not
• Handlungsempfehlungen: Recommended actions to be done to fulffill the requirements

It's just a first stab, happy to massage it in any way you need.

[ab-smith]

Thanks for the details @lfrancke , that’s very valuable !
we need to discuss internally this cumulative points system with negative ones. We support currently customizable scoring system with positive integer and average at the end and this can be tricky.

[lfrancke]

Thanks! I understand you can't fulfill every request and this might not be at the top of your list.
But please let me know if I can help in any way.