This standard describes a baseline of security requirements for web-based applications, application components, and services of . These requirements are mandatory for newly developed applications and recommendations for existing ones.

The baseline defined in this document may be increased if necessary for applications with higher protection requirements.