federal support for operators of critical infrastructures in the field of information security. To improve information security sustainability and cost efficiency and achieve levels of security that are as uniform as possible among federal authorities, the ISA focuses on the most critical information systems and aims to harmonise federal measures. However, the ISA does not establish any specific information security measures. This omission is deliberate; the speed of technological developments could render such measures obsolete. Instead, the ISA intends to create a formal legal framework based on which federal authorities can implement information security as uniformly as possible through ordinances and internal directives.