BSI sets minimum standards for web browsers

B2B Cyber ​​Security ShortNews

Share post

The BSI has the minimum standard for Web browser revised for administration and published in version 3.0. Companies can also use this as a guide. Also the supplementary browser comparison table and the reference table for IT-Basic protection has been updated accordingly. 

Web browsers serve as central software for navigating the Internet. They also process data from untrustworthy sources that contain malicious code. Computers, cell phones and tablets can become infected unnoticed.

At the same time, the functions and interfaces of web browsers are constantly increasing. This means they also offer an increasing target for cybercriminals. The dynamic development of software products, the increasing mobile use and the central role of web browsers therefore make it necessary to take current security requirements into account. The Federal Office for Information Security (BSI) has published the new version 3.0 of the minimum standard for web browsers.

Federal standard for companies as a guideline

The scope of application has been significantly expanded compared to the previous version: For the first time, the new version also applies to web browsers on mobile platforms (“mobile browsers”) of the Federal Administration. The minimum standard contains relevant information and additions that take into account the technical characteristics of mobile operating systems. The requirements are applicable to both workstation computers and mobile platforms.

Along with the minimum standard, the BSI has also updated the associated browser comparison table. This serves as a working aid for users in the federal administration. It describes how the minimum standard requirements can be implemented for the web browsers most commonly used there. In principle, any web browser that can meet the minimum standard can be used.

The minimum standard for secure web browsers, first published in 2017 in accordance with Section 8 Paragraph 1 BSIG, is primarily aimed at IT managers, IT operations staff and information security officers of the federal administration. But it can also serve as a guide for states, municipalities and the economy. More The BSI has separately published minimum standards, for example for the use of external cloud services or mobile device management.

More at


About the Federal Office for Information Security (BSI)

The Federal Office for Information Security (BSI) is the federal cyber security authority and the creator of secure digitization in Germany. The guiding principle: As the federal cyber security authority, the BSI designs information security in digitization through prevention, detection and reaction for the state, economy and society.


Matching articles on the topic

Report: 40 percent more phishing worldwide

The current spam and phishing report from Kaspersky for 2023 speaks for itself: users in Germany are after ➡ Read more

BSI sets minimum standards for web browsers

The BSI has revised the minimum standard for web browsers for administration and published version 3.0. You can remember that ➡ Read more

Stealth malware targets European companies

Hackers are attacking many companies across Europe with stealth malware. ESET researchers have reported a dramatic increase in so-called AceCryptor attacks via ➡ Read more

IT security: Basis for LockBit 4.0 defused

Trend Micro, working with the UK's National Crime Agency (NCA), analyzed the unpublished version that was in development ➡ Read more

MDR and XDR via Google Workspace

Whether in a cafe, airport terminal or home office – employees work in many places. However, this development also brings challenges ➡ Read more

Test: Security software for endpoints and individual PCs

The latest test results from the AV-TEST laboratory show very good performance of 16 established protection solutions for Windows ➡ Read more

FBI: Internet Crime Report counts $12,5 billion in damage 

The FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which includes information from over 880.000 ➡ Read more

HeadCrab 2.0 discovered

The HeadCrab campaign against Redis servers, which has been active since 2021, continues to successfully infect targets with the new version. The criminals' mini-blog ➡ Read more