Energy · KRITIS · § 11 EnWG

Grid inbox. KRITIS-fit. With § 11 EnWG context.

MailGuard and DMARC for energy and utility companies under KRITIS and § 11 (1a) EnWG. NIS-2 ready, EU hosting, ISMS hook. As of 2026.

At a glance · As of 2026

Office IT with KRITIS protection, no OT touch.

  • Phishing from supplier domains: BEC and URL-reputation layer at the inbox
  • Brand abuse without visibility: DMARC reports and reject policy
  • KRITIS audit without measure mapping: Measures auditably documented
MailGuard protects the office inbox from supply-chain phishing, DMARC protects the utility brand. KRITIS layer without OT touch.
Right for you if: Energy, grid, utility · KRITIS sector energy · NIS-2 ready

  • 100 % EU hosting
  • KRITIS sector energy
  • § 11 EnWG context
  • 30 min. MX switch

Compliance anchors

KRITIS BSI-KritisV · § 11 (1a) EnWG · BSI Security Catalogue · NIS-2 essential entity

Conbool supports the requirements from BSI-KritisV, the BSI Security Catalogue per § 11 (1a) EnWG and NIS-2 at the measure level. Conbool does not interact with OT systems and only complements office IT.

Four building blocks for the utility.

MailGuard for the office inbox, DMARC for the utility brand, SecureMail for confidential correspondence, Disclaimer for required disclosures.

Typical workflows

Four scenarios from a working utility.

From supplier mail to audit.

1. Catch supplier phishing

Forged mail from supplier domains trying to change configurations or payments is blocked by MailGuard at the authentication layer.

2. Protect brand integrity

DMARC reject policy against phishing waves claiming to come from the utility.

3. Correspondence with BNetzA and authorities

Encrypted mail to supervisory authorities with audit log and delivery receipts.

4. KRITIS audit trail

Audit log per GDPR Art. 30 as evidence in the § 8a BSIG audit.

Architecture

KRITIS layer without touching OT.

Conbool sits in front of Microsoft 365 in the office IT. Control and grid systems remain unchanged.

MX switch

Inbound SMTP runs through Conbool, M365 stays the back-end.

Office/OT separation

Conbool does not interact with OT networks. Office IT and control room remain separated.

ISMS hook

Configuration is documentable as a technical measure in the ISMS.

SIEM hook

Audit log via standard connector to the utility SIEM.

Compliance mapping

BSI Security Catalogue § 11 EnWG in technical terms.

The BSI Security Catalogue per § 11 (1a) EnWG requires an ISMS and protection measures. Conbool covers measures at the mail and data layer.

Protection-needs assessment

Conbool as a technical measure in the protection-needs analysis for office IT.

Confidentiality measures

End-to-end encryption in SecureMail and SecureFiles.

Integrity measures

DMARC-aligned outbound identity, tamper protection in the audit log.

Evidence

Audit log as auditable evidence in the § 8a BSIG audit.

Migration

Pilot in a utility, then group rollout.

Pilot in one subsidiary or utility, then group rollout via the Microsoft admin centre.

Pilot

One subsidiary or utility starts, the rest stays unchanged.

Group rollout

Outlook add-in for all office staff via the admin centre.

NIS-2 transition

NIS-2 requirements are addressed at the measure level in parallel.

Legacy sunset

Existing SEG or filter solution runs in parallel and is replaced step by step.

Frequently asked questions

Does Conbool touch OT systems?
No. Conbool only complements office IT at the mail and data layer. Control and grid systems remain unchanged. OT/IT separation is preserved.
How does Conbool fit § 11 (1a) EnWG?
Conbool covers measures at the mail and data layer and maps to the ISMS measures required in the BSI Security Catalogue per § 11 (1a) EnWG for office IT. KRITIS classification is decided by the operator itself.
What does the NIS-2 transition look like?
NIS-2 expands the addressee group and specifies duties. Conbool supports the required measures for network and information security at the mail layer.
What does the ISMS integration look like?
Conbool provides a measure description that can be integrated into ISO 27001 or IT-Grundschutz. SIEM export via standard connector to the utility SOC.
What does Conbool cost for utilities?
Modular per function and per mailbox. Group volume discounts. Concrete pricing on request.
What about utility groups with multiple subsidiaries?
Conbool supports multi-tenant setups or one central tenant for utility groups with several subsidiaries.
Can we use SecureFiles for grid plans?
Yes. SecureFiles works as a direct line for large grid plans, schematics and supplier bundles, with configurable retention per project.

Related solutions

Related industries

Conbool is in use in neighbouring industries with a similar compliance profile.

A KRITIS layer for office IT.

Demo in 30 minutes. Pilot in one subsidiary. Modular by function.

Sources and date

Statements about KRITIS are based on BSI-KritisV in its respective version. Statements about the BSI Security Catalogue are based on the BNetzA publication per § 11 (1a) EnWG. Statements about NIS-2 are based on Directive (EU) 2022/2555 and its national transposition. As of 2026.

BNetzA and BSI are designations of the respective authorities. Microsoft and Microsoft 365 are trademarks of Microsoft Corporation. Conbool is a trademark of Conbool GmbH.