ENISA and TeleTrusT – IT Security Association Germany have published their guidelines in English.
“The document published on the “state of the art” in IT security provides concrete advice and recommendations for action. These guidelines are intended to provide companies, providers (manufacturers, service providers) alike with assistance in determining the “state of the art” within the meaning of the IT security legislation. The document can serve as a reference for contractual agreements, procurement procedures or the classification of security measures implemented. They are not a replacement for technical, organisational or legal advice or assessment in individual cases. “
https://www.enisa.europa.eu/news/enisa-news/what-is-state-of-the-art-in-it-security