Sign In
Public sector · BSI · OZG

Administration.Encrypted.With BSI context.

MailGuard and SecureMail for federal, state and local administration with BSI IT-Grundschutz context. EU hosting, EVB-IT-fit, clear boundary to beBPo. As of 2026.

Request a demoMailGuard in detail
At a glanceAs of 2026

Encryption and protection without running it yourself.

  • Self-running mail securityBSI-aligned service with DPA
  • Confusion with beBPo and EGVPClear boundary to mandatory channels
  • Procurement without EVB-IT contextEVB-IT-fit contract structure
Conbool covers mail and data transport for the public sector with BSI IT-Grundschutz context. EU hosting, clear beBPo and EGVP boundary, no replacement for mandatory channels.
Right for you if:Federal, state, localOZG implementationEVB-IT-fit
100 %
EU hosting
BSI
IT-Grundschutz
OZG
context
30 min.
Setup per tenant

Compliance anchors

BSI IT-Grundschutz building blocksOZG online servicesNIS-2 public bodiesProcurement EVB-IT

Conbool supports measures from BSI IT-Grundschutz at the mail and data layer. Conbool does not replace beBPo, EGVP or other legally mandated electronic channels and only complements them in general administrative communication.

Four building blocks for administration.

MailGuard for inboxes, SecureMail for confidential correspondence, SecureFiles for large attachments, Disclaimer for required disclosures.

MailGuard

MailGuard

BEC, phishing and attachment protection for administrative inboxes.

MailGuard in detail
SecureMail

SecureMail

Encrypted correspondence to citizens, counsel and other authorities.

SecureMail in detail
SecureFiles

SecureFiles

Direct line for large case files and attachments, with audit log per access.

SecureFiles in detail
Disclaimer

Disclaimer

Per-authority and per-department disclosures, server-side.

Disclaimer in detail
Typical workflows

Four scenarios from public administration.

From the citizen inbox to inter-agency correspondence.

1

Protect the citizen inbox

Phishing and spam waves to administrative inboxes are caught by MailGuard at the authentication layer.

2

Encrypted citizen communication

Citizens without a certificate read the message in the web reader, no account or software install.

3

Inter-agency case files

SecureFiles as a direct line for large case files between agencies, beyond Outlook size limits.

4

Procurement-fit acquisition

EVB-IT-fit contract structure and acquisition via framework agreements possible.

Architecture

Conbool as an independent layer.

Conbool sits in front of Microsoft 365 or Exchange. Specialised case-handling systems remain unchanged.

MX switch

Inbound SMTP runs through Conbool, Microsoft 365 stays the back-end.

Specialised systems

Conbool does not interact with specialised case-handling systems and only complements office communication.

beBPo and EGVP

Mandatory channels like beBPo and EGVP continue unchanged.

SIEM hook

Audit log via standard connector to the agency SIEM.

Compliance mapping

BSI IT-Grundschutz in technical terms.

BSI IT-Grundschutz defines building blocks for protection on different layers. Conbool covers blocks in the area of email and data transport.

Building-block mapping

Conbool maps to blocks in the application area, in particular email security.

Protection-needs assessment

Conbool as a documentable technical measure in the protection-needs analysis.

Emergency management

Multi-stage filter and backpressure protection layers for the mail chain.

Audit trail

Audit log per GDPR Art. 30 as evidence.

Procurement and migration

EVB-IT, framework agreement and pilot.

Conbool is EVB-IT-fit and can be acquired via framework agreements. Pilot starts in one department.

EVB-IT-fit

Contract structure complies with EVB-IT requirements.

Framework agreement

Acquisition via framework agreement or direct procurement under the threshold.

Pilot in one department

One department starts, the rest of the agency stays unchanged.

OZG hook

Conbool supports OZG requirements at the mail layer but does not replace the OZG portal itself.

Frequently asked questions

Does Conbool replace beBPo or EGVP?
No. beBPo and EGVP are legally mandated channels for electronic communication with German courts and agencies and remain unchanged. Conbool covers general administrative communication.
How does Conbool fit BSI IT-Grundschutz?
Conbool covers building blocks in the area of email and data transport and can be added to the protection-needs analysis as a technical measure.
What does the EVB-IT context look like?
Conbool is EVB-IT-fit. Contract structure complies with EVB-IT requirements for cloud services. Acquisition via framework agreement or direct procurement under the threshold is possible.
What does that mean for OZG online services?
Conbool supports OZG requirements at the mail layer through encryption, audit log and EU hosting. Conbool does not replace the OZG portal itself.
What about NIS-2 for public bodies?
NIS-2 expands the addressee group to certain public bodies. Conbool supports the required network and information security measures at the mail layer.
What does ISMS integration look like?
Conbool provides a measure description that can be integrated into BSI IT-Grundschutz or ISO 27001.
What does Conbool cost for the public sector?
Modular per function and per mailbox. Public-sector conditions via framework agreements possible. Concrete pricing on request.

Verwandte Lösungen

Hornetsecurity-Alternative

Deutsche MailGuard-Alternative nach der Proofpoint-Übernahme.

Phishing-Schutz

BEC, Spear-Phishing und QR-Code-Phishing erkennen und entfernen.

Ransomware-Schutz E-Mail

Mehrstufige Anhang-Filter und URL-Reputation gegen Ransomware-Kampagnen.

Spam-Filter Unternehmen

Spam und unerwünschte Massenmail mit DACH-Heuristiken filtern.

CEO-Fraud-Schutz

BEC und CEO-Fraud-Attacken über Authentifizierungs-Layer abwehren.

Verwandte Branchen

Conbool ist in benachbarten Branchen mit ähnlichem Compliance-Profil im Einsatz.

Energieversorger & Stadtwerke

Kommunale Stadtwerke mit KRITIS-Bezug und gleicher Behördenanbindung.

Krankenhaus & Klinik

Kommunale Kliniken in der Daseinsvorsorge mit KHZG und KRITIS.

Banken & Sparkassen

Sparkassen und Landesbanken mit kommunalem Träger und BAIT/DORA-Maßstab.

A BSI-fit platform for administration.

Demo in 30 minutes. Pilot in one department. EVB-IT-fit.

Request a demoMailGuard in detail

Sources and date

Statements about BSI IT-Grundschutz are based on BSI standards and the IT-Grundschutz building blocks in their respective version. Statements about OZG are based on the German Online Access Act and its follow-up regulations. Statements about NIS-2 are based on Directive (EU) 2022/2555. Statements about EVB-IT are based on the supplementary contract conditions for IT procurement. As of 2026.

BSI is a designation of the Federal Office for Information Security. beBPo and EGVP are state electronic channels. Microsoft, Microsoft 365 and Exchange are trademarks of Microsoft Corporation. Conbool is a trademark of Conbool GmbH.