The joint project MoSaIK aims to support smaller operators of critical infrastructures in the analysis of the IT security of their computer and control systems. These are to be enabled by new methods and tools to always provide a timely and meaningful picture of the risks and the achieved safety level with justifiable effort. The project is pursuing a model-based research approach for the risk analysis and the assessment of the safety level, especially for smaller operators of critical infrastructures. In the process, proven methods of model-based analysis from the area of system and software engineering are transferred to the field of application of the supplier IT systems. In this way, the properties of different complex systems can be recorded consistently and the safety situation can be fully or partially automatically analyzed and evaluated with precisely fitting tools.