Cyber Security

The public institution shall as a minimum have a documented Information Security Policy (ISP) bas...

Install and configure gateway firewall. Configure inbound and outbound Access Control List (AC...

The institution shall limit system access to authorized users, processes acting on behalf of au...

Access control: It shall start with IT assets, data, and personnel classification into specific...

The institution shall ensure that executives, senior management, managers, systems administrators...

The institution shall create and retain system audit logs and records to the extent needed to ena...

The institution shall establish and maintain baseline configurations and inventories of instituti...

The institution shall identify system users, processes acting on behalf of users, and devices. ...

The institution shall have an operational incident-handling capability for institutional systems,...

The institution shall perform maintenance on institutional digitalization systems. The institu...

The institution shall protect (i.e., physically control and securely store) system media contai...

The public institution shall identify (inventories) its own human resources. For each official ...

The institution shall divide the area it manages into security zones based on risk assessment t...

The institution shall periodically (at least once a year) assess the risk to institutional operat...

The institution shall monitor, control, and protect communications (i.e., information transmitt...

The institution shall identify, report, and correct system security flaws on time. The institu...

The institution shall identify and meet the requirements for preserving privacy and protecting PI...

The institution shall ensure that backup copies of data, software and system images are regular...

In collaboration with a competent authority where applicable, the institution shall establish a...

Users shall have different passwords for different accounts. All default passwords shall be ch...