To protect your data, only usage data is processed on this website according to the EU General Privacy policy Regulation (GDPR).
For privacy policy information with explanation of the web analysisFrequently asked questions
- General information
- Login for already registered institutions
- User administration
- How do I create a user account in the MIP?
- Which roles/permissions can be assigned to users in the MIP?
- What permissions does the „Institutionsverwalter“ role have?
- What permissions does the „Institutionsverwalter (eingeschränkt)“ role have?
- What permissions does the „Verwalter Meldeberechtigte“ role have?
- What permissions does the „Meldeberechtigt“ role have?
- Can the roles of users be changed?
- Can a role be assigned to a user for a limited period of time, e.g. in the event of substitution?
- How can new users be added to an institution?
- Does a new invitation link have to be created for each invited user?
- Is the number of possible users of an institution limited?
- Is it permissible for several users with the same role to be assigned to one institution?
- What permissions do the invited users receive?
- Does the BSI have to be informed about invited users who have been assigned to a registered institution?
- Can users be removed from the institution?
- How can I change the password?
- How can I reset the password?
- Registering an institution
- WWhy are the names of the created/registered institutions not displayed?
- Can operators of energy supply networks register in the MIP??
- Can an institution be registered with several reporting points?
- Where can the status of the registration be viewed?
- Can a registration that has been started be saved and continued later?
- Can an institution created in the MIP be deleted?
- Reporting an IT fault
- Two-factor authentication
- Other questions
General information
What is an institution ID?
The institution ID is the unique identifier of your institution in the MIP. It is a five-digit individual character string. Once you have successfully registered as a user in MIP, you can create a new institution. A new institution ID is assigned automatically. You can then register your institution with one of the reporting points. For KRITIS operators, the institution ID corresponds to the previously used operator ID and replaces it.
What is the user name?
The user name is a unique user ID with which you are registered as a user in the MIP. It is a six-digit individual character string with the prefix ‘U’. Personal data such as your first name, surname and e-mail address are not stored in the MIP for security reasons. Please make a note of your user name.
What is an alias?
An alias is an alternative display name that can be stored for an institution ID and a user name. You can manage the alias for the institution under “Institution administration” and for the user name under “Personal settings”. Aliases make it easier to manage several institutions and their users.
The MIP only saves the names of users and institutions until they have been moved to the BSI's internal systems. However, assigned aliases are stored permanently in the MIP. This weakens the anonymity of users and institutions in the MIP.
Login for already registered institutions
Which URL should be used for login?
BPlease use the following URL to log in to the new MIP: https://mip2.bsi.bund.de.
User administration
How do I create a user account in the MIP?
Please go to the menu item ‘Registration’ and enter your first name, surname, e-mail address and password. After confirming the ‘to register’ button, your user name will be generated automatically. You will then immediately receive an activation link to the e-mail address you provided.
What roles/permissions can be assigned to users in the MIP?
The following user roles are available in the MIP:
- „Institutionsverwalter“. With this role, users have unrestricted access to all MIP functions. This role is assigned to a user as soon as their application to register an institution has been approved.
- „Institutionsverwalter (eingeschränkt)“. The restriction relates to user administration and access to the information area. (The role is only available to the KRITIS reporting point).
- „Verwalter Meldeberechtigte“. Has the same rights as the „Meldeberechtigt“ role. In addition, the role can add or remove new users to the institution as „Meldeberechtigt“.
- „Meldeberechtigt“. Permissions are limited to the creation, submission and editing of reports. The information area is available to users with this role.
What permissions does the „Institutionsverwalter“ role have?
- Access to BSI information, e.g. situation reports
- Management of reports (enter, read, change, delete reports)
- Selection of the clean-up period for reports
- User management (add users and grant or revoke permissions)
- Activation of two-factor authentication for the institution
What permissions does the „Institutionsverwalter (eingeschränkt)“ role have?
- Management of reports (enter, read, change, delete reports)
- Selection of the purge period for reports
- Activation of two-factor authentication for the institution
What permissions does the „Verwalter Meldeberechtigte“ role have?
- Access to BSI information, e.g. situation reports
- Management of reports (enter, read, change, delete reports)
- User management (add users and withdraw permissions)
What permissions does the „Meldeberechtigt“ role have?
- Access to BSI information, e.g. situation reports
- Management of reports (enter, read, change, delete reports)
Can the roles of the users be changed?
Yes, under the menu item „Institutional administration“ all users of the institution are displayed in the „Roles“ section. Here, users with the „Institutionsverwalter“ role can make changes to the role assignments of other users.
Can a role be assigned to a user for a limited period of time, e.g. in the event of substitution?
Yes, roles can be assigned a start and end date. New users should be trained by the institution administrator beforehand.
How can new users be added to an institution?
New users can only be added to a registered institution via an invitation link. This function is available to users with the role of „Institutionsverwalter“ or „Verwalter Meldeberechtigte“ under the menu item „Institutional administration“ -> „add user“. All users who are assigned to an institution via an invitation link are automatically assigned the „Meldeberechtigt“ role. The invitation link is valid for 24 hours and can be used by several users.
In order to accept the invitation via the link, the invited person must already be registered and logged in to the portal. The invitation link only works if it is called up in the same browser tab or in another tab in the same browser window in which the active session of the logged-in user is located!
Does a new invitation link have to be created for each invited user?
No, the link can be used by any number of users. However, invitation links are only valid for 24 hours.
Is the number of possible users for an institution limited?
No, the number of users assigned to an institution is not limited. Please make sure that only permitted persons have access. As no real names are stored in the MIP, it is advisable to keep a user overview elsewhere.
Is it permissible for several users with the same role to be assigned to one institution?
Yes, several users with the same role can be added to a registered institution.
What permissions do the invited users receive?
All users assigned via the invitation link initially receive the „Meldeberechtigt“ role, which can be changed by a user with the „Institutionsverwalter“ role
Does the BSI have to be informed about invited users who have been assigned to a registered institution?
No, the BSI does not have to be informed about invited users.
Can users be removed from the institution?
Yes, users with the role of „Institutionsverwalter“ or „Verwalter Meldeberechtigte“ can remove other users from the institution.
How can I change the password?
You can change your current user password in the„personal settings“ menu item.
How can I reset the password?
The password reset process can be started under the "Login" menu item via the "Forgot Password?" link. BIf you have any problems, please send an e-mail to the contact provided for your reporting point at https://mip2.bsi.bund.de/kontakt, stating the institution ID and your user name. In the case of manual processing, the new password is sent to the organisational contact person of the institution registered with the BSI at the KRITIS reporting point. The institution's organisational contact person should therefore be kept up to date at all times.
Registering an institution
Why are the names of the created/registered institutions not displayed?
For security reasons, the names of the institutions are not saved in the registration and information portal. The institutions can be accessed via their Ids.
Can operators of energy supply networks register in the MIP?
To register, please select „Meldestelle KRITIS“ and complete the registration form. In the current form, only the term „Kritische Infrastrukturen“ is used, but this also refers to all energy supply networks within the meaning of the gemarn law on energy management (EnWG).
Can an institution be registered with several reporting points?
Yes, an institution can be registered with several reporting points. However, only one registration application per reporting point can be submitted at the same time.
Where can I view the status of my registration?
You can see the processing status of your registration in the menu item „Institutional administration“.
If the registration application for a reporting point is accepted by the BSI, you will be given access to other areas of the MIP to view information and submit reports.
Can a registration that has been started be saved and continued later?
Yes, a registration that has been started can be saved as a draft in the MIP for 48 hours. The data is then deleted. The data entered can be exported in JSON format and re-imported at a later date, even after the 48 hours have expired, and the application can be continued. It is not necessary to complete all mandatory fields in either case.
Note for KRITIS operators: Please note that when exporting, only the data from the registration form (master and contact data) is exported, but not the information on critical infrastructures/ facilities.
Can I delete an institution?
An institution created in the MIP can only be deleted by the creator if it has not yet been registered for a reporting point and no registration application has been submitted.
Reporting an IT fault
How can an IT fault be reported to the BSI?
After logging in to the MIP, you will find the relevant reporting forms under the menu item „Reports“. This menu item is only available once your institution has registered with a reporting point.
How long are reports submitted to the BSI visible in the MIP?
Reports submitted to the BSI are available for viewing for at least 3 hours. After this time, the contents of the report will be deleted from the portal. You can extend the clean-up period to a maximum of 42 hours.
Can follow-up or final reports be submitted after the initial report has been cleared?
Yes, you can continue to submit follow-up and/or final reports for a cleared report. Follow-up and final reports are only possible for the KRITIS reporting point.
Can the contents of a report be exported and later re-imported/used for further reports?
You have the option of exporting the report data in JSON format, saving it locally, importing it back into the MIP at a later date and processing it further. For example, the contact person and their contact details can be saved and uploaded with each report.
Two-factor authentication
Is two-factor authentication mandatory?
No, two-factor authentication is optional and provides additional protection for your data. However, you can oblige all users of your institution to use a second factor by activating the „Two-factor obligation“ under the menu item „Institutional administration“.
Which tokens can be used in the MIP?
The token must fulfil the FIOD2 standard. It is irrelevant for the system whether it is a physical token or a software token. Physical tokens are connected to the device via Bluetooth, NFC or USB. Software tokens are provided for the Android, iOS and Windows operating systems, for example.
The user independently registers his token in his MIP account. The MIP supports any number of tokens per user.
Further information can be found on the Fido Alliance website: https://loginwithfido.com/ and
https://fidoalliance.org/fido2-2/fido2-web-authentication-webauthn\
How can two-factor authentication be activated?
You can register new tokens under the menu item „personal settings“. If at least one token is registered, logging in is only possible with the second factor. It is recommended to register at least two tokens for one user. This makes it possible to log in with the second token even if one token is lost. After adding the tokens, they should be renamed using the pencil symbol button so that the tokens can be distinguished from each other.
How can tokens be deleted in the event of loss/damage if no second token has been deposited?
To delete a token, please send an e-mail stating the institution ID and your MIP user name to the contact provided for your reporting point at https://mip2.bsi.bund.de/kontakt.
It is recommended to register at least two tokens for one user. If a token is lost, another token can be used to regain access.
How can the token PIN be reset?
In this case, the FIDO token must be reset and then registered again in the MIP. The previously used token must be deleted from the MIP in order to store it again.
- Please send your user name to the contact stored for your reporting point at https://mip2.bsi.bund.de/kontakt. This is only necessary if you do not have another token on the MIP that you can use to log in and remove the token with the forgotten PIN yourself.
- Reset your token to the factory settings:
- Under the Windows operating system, you can enter the search term PIN under „settings“
- Then select „Security key“ aus -> Manage -> Reset security key.
- This deletes all data on the FIDO token
- Log in to mip2.bsi.bund.de and register your previously reseted token.
Can the BSI OTP tokens be used in the new MIP?
No, the OTP tokens issued by the BSI in the past cannot be used. Tokens according to the FIDO2/WebAuthN standard are required for two-factor authentication in the new MIP. The tokens have to be acquired by the respective users.
Other questions
As a KRITIS operator, how can I submit changes to registration data to the BSI?
If you want to make changes to your registration data, please DO NOT register again in the reporting portal. Instead, please log in to the reporting portal and download the following forms from the Information (Category: KRITIS-Formulare) menu:
- for changes to the institution data the form „aenderung-kontaktstelle.pdf“
- for changes to the institution data the form „Anlage KRITIS“
- for deregistration of a Critical Infrastructure the form „antrag-deregistrierung-kritis.pdf“
You can edit the forms electronically or alternatively print them out, fill them in manually and send them scanned to Kritische.Infrastrukturen@bsi.bund.de.
Can other documents be transmitted to the BSI via the MIP?
No. Please send other documents, e.g. verification documents in accordance with Section 8a BSIG, to the BSI in the usual way or ask the contact persons for your reporting point about the possible transmission channels.