How do you handle classified information


VS-NfD stands for "classified information - only for official use" and is the lowest of a total of four levels of confidentiality for authorities. Information marked with VS-NfD may only be viewed by authorized persons. Information is generally classified as classified if it has to be kept secret for governmental interests.

Legal basis of VS-NfD

The legal basis on this topic can be found in the Security Review Act (SÜG), the General Administrative Regulation on Secrecy (classified information, VSA for short) and the Manual for Secrecy in Business (GHB for short) from the Federal Ministry for Economic Affairs and Energy.

Further legal obligations can result from individual contractual agreements with the respective client or from the Federal Ministry for Economic Affairs and Energy (BMWi). According to §25 SÜG, the BMWi is responsible for the supervision and control of security-sensitive activities within the economy.

Classified information

According to Section 4 of the SÜG, classified information (“VS” for short) is knowledge, objects or facts that need to be kept secret in the public interest. The form of representation does not matter. Both a photocopy and a technical device or the spoken word can represent classified information. The classification is classified by an authority depending on the need for confidentiality or the classification is initiated by them.

There are four levels of confidentiality in Germany:

1) VS-only for official use (VS-NfD)
2) Confidential
3) Secret
4) Top Secret

The requirements for personal and material security measures vary depending on the degree of security.

Personal confidentiality of the VS-NfD level

All persons who may come into contact with classified information are affected by personal security protection. The aim is to ensure that people who pose a security risk do not have access to the classified information.
People who have access to VS-NfD level VS or who can obtain access to it must comply with the rules set out in the information sheet in Appendix 4 GHB in accordance with Section 1.7 GHB.

Material security of level VS-NfD

In the case of material secrecy, the technical and organizational precautions in the company to protect the classified information are linked. Measures with regard to labeling, production, reproduction, processing, safekeeping, administration, forwarding and transport of classified information as well as the security of IT systems are prescribed.
Classified information with the classification VS-NfD must be directed to the material security according to the specifications in Annex 4 and 4a GH, section 1.7 GHB.

VS-NfD and IT security

If classified information is processed with the help of IT systems (with the consent of the BMWi), the topic of IT security becomes relevant. Depending on the level of secrecy, special protective measures must be taken to guarantee the availability, integrity and confidentiality of the classified information. This includes technical and organizational measures such as access control, the deletion and destruction of data and data backup. According to the VSA, regular implementation of the IT-Grundschutz Standard (BSI Standard 100-2) may be necessary.