As an operator of critical infrastructures, you must ensure that the security of your information technology is state of the art and prove this to the Federal Office for Information Security.