Content library
Incident management and response
Annual security report (Portugal)
Incident management
Incident management and response

Annual security report (Portugal)

Start free trial

Task description

Annual security report (Portugal)

The organization must prepare, maintain, and proactively submit an annual security report summarizing all relevant security activities and incident data for each calendar year. The report must be signed by the cybersecurity officer and submitted to the competent cybersecurity authority in accordance with the defined schedule.

The annual security report should provide a clear overview of the organization’s security posture and incident trends, including at minimum:

  • A summary of major actions and initiatives related to network and information system security;
  • Quarterly statistics on incidents, broken down by type and frequency;
  • An overview of significant incidents, outlining their impact on users, duration, and affected regions (including any cross-border effects);
  • Key lessons learned and measures taken to prevent recurrence;
  • Recommendations to enhance the organization’s security practices;
  • Any other information considered relevant to improving cybersecurity management.

The annual security report must be submitted each year by the last working day of January.

Additionally, a procedure must be in place to handle official requests for information from the CNCS. This includes:

  • Validating the authenticity of each request received from the CNCS;
  • Assigning clear responsibility for preparing and submitting the annual security report or other requested information;
  • Ensuring that the submission is completed within the specified timeframe and through the official channels designated in the request.

Requirements connected to the task

30°: Relatório anual
Regime jurídico da cibersegurança (Portugal)

Other tasks from the same security theme

Task name
Priority
Policy
Other requirements
Reporting of major incidents to competent authorities
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

Article 19: Reporting of major ICT-related incidents and voluntary notification of significant cyber threats
DORA
See all related requirements and other information from tasks own page.
Go to >
Reporting of major incidents to competent authorities
Communication in the event of an incident and preperations
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

13 a §: Häiriötilanteista tiedottaminen ja varautuminen häiriötilanteisiin
TiHL
2.8: Häiriötilanteista tiedottaminen
TiHL tietoturvavaatimukset
See all related requirements and other information from tasks own page.
Go to >
Communication in the event of an incident and preperations
Personnel guidelines for reporting security incidents
Critical
High
Normal
Low
Incident management and response
85
requirements

Examples of other requirements this task affects

Članak 30.1.b: Postupanje s incidentima, uključujući njihovo praćenje, evidentiranje i prijavljivanje
NIS2 Croatia
9.9a §: Poikkeamien havainnointi
Kyberturvallisuuslaki
1.6.1: Reporting of security events
TISAX
1.3.2: Classification of information assets
TISAX
30 § 3.2° (incidents): La gestion des incidents
NIS2 Belgium
See all related requirements and other information from tasks own page.
Go to >
Personnel guidelines for reporting security incidents
Designation of an incident management team
Critical
High
Normal
Low
Incident management and response
67
requirements

Examples of other requirements this task affects

16.1.2: Reporting information security events
ISO 27001
16.1.3: Reporting information security weaknesses
ISO 27001
ID.RA-3: Threat identification
NIST
RS.CO-1: Personnel roles
NIST
5.25: Assessment and decision on information security events
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Designation of an incident management team
Treatment process and documentation of occurred security incidents
Critical
High
Normal
Low
Incident management and response
104
requirements

Examples of other requirements this task affects

Članak 30.1.b: Postupanje s incidentima, uključujući njihovo praćenje, evidentiranje i prijavljivanje
NIS2 Croatia
9.9b §: Poikkeamien käsittely
Kyberturvallisuuslaki
1.6.2: Management of reported events
TISAX
30 § 3.2° (incidents): La gestion des incidents
NIS2 Belgium
4.4.2: Review identified compromised security measures
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Treatment process and documentation of occurred security incidents
The step-by-step process of notification of incidents to the authorities
Critical
High
Normal
Low
Incident management and response
70
requirements

Examples of other requirements this task affects

23.1: Incident notifications to CSIRT and recipients of services
NIS2
Article 19: Reporting of major ICT-related incidents and voluntary notification of significant cyber threats
DORA
11 §: Poikkeamailmoitukset viranomaiselle
Kyberturvallisuuslaki
12 §: Poikkeamaa koskeva väliraportti
Kyberturvallisuuslaki
13 §: Poikkeamaa koskeva loppuraportti
Kyberturvallisuuslaki
See all related requirements and other information from tasks own page.
Go to >
The step-by-step process of notification of incidents to the authorities
Competence requirements for security monitoring personnel
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

C1.e: Personnel skills for monitoring and detection
CAF 4.0
See all related requirements and other information from tasks own page.
Go to >
Competence requirements for security monitoring personnel
Advanced threat hunting
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

C2: Threat hunting
CAF 4.0
See all related requirements and other information from tasks own page.
Go to >
Advanced threat hunting
Vulnerability reporting to CERT.PT (Portugal)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

38°: Prevenção e monitorização de vulnerabilidades
NIS2 Portugal
See all related requirements and other information from tasks own page.
Go to >
Vulnerability reporting to CERT.PT (Portugal)
Annual security report (Portugal)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

30°: Relatório anual
NIS2 Portugal
See all related requirements and other information from tasks own page.
Go to >
Annual security report (Portugal)
Data handling for vulnerability reports (Portugal)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

38°: Prevenção e monitorização de vulnerabilidades
NIS2 Portugal
See all related requirements and other information from tasks own page.
Go to >
Data handling for vulnerability reports (Portugal)
The step-by-step process of notification of incidents to the authorities (Portugal)
Critical
High
Normal
Low
Incident management and response
4
requirements

Examples of other requirements this task affects

44°: Relatórios final e intercalar
NIS2 Portugal
43°: Notificação do fim de impacto significativo
NIS2 Portugal
40°: Notificação obrigatória
NIS2 Portugal
42°: Notificação inicial
NIS2 Portugal
See all related requirements and other information from tasks own page.
Go to >
The step-by-step process of notification of incidents to the authorities (Portugal)
Security reporting point of contact
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

§ 20.4.e: Určenie kontaktnej osoby na prijímanie hlásení
NIS2 Slovakia
See all related requirements and other information from tasks own page.
Go to >
Security reporting point of contact
Incident reporting and early warning system alignment
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

§ 20.4.f: Hlásenie incidentov a včasné varovanie
NIS2 Slovakia
See all related requirements and other information from tasks own page.
Go to >
Incident reporting and early warning system alignment
Retention of supplementary incident data (Sweden)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

§ 6: Informationsförfrågningar
MSBFS 2020:8
See all related requirements and other information from tasks own page.
Go to >
Retention of supplementary incident data (Sweden)
Process for handling supplementary information requests (Sweden)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

§ 6: Informationsförfrågningar
MSBFS 2020:8
See all related requirements and other information from tasks own page.
Go to >
Process for handling supplementary information requests (Sweden)
Initial incident notification process to the Swedish Civil Contingencies Agency (Sweden)
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

§ 3: Incidentrapporteringsprocess
MSBFS 2020:8
§ 4: Initial incidentnotifiering
MSBFS 2020:8
See all related requirements and other information from tasks own page.
Go to >
Initial incident notification process to the Swedish Civil Contingencies Agency (Sweden)
The step-by-step process of notification of incidents to the authorities (Sweden)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

§ 5: Slutgiltig incidentrapportering
MSBFS 2020:8
See all related requirements and other information from tasks own page.
Go to >
The step-by-step process of notification of incidents to the authorities (Sweden)
Process for reporting significant incidents to the Provincial Government (Åland)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

§ 16: Rapporteringsskyldigheter för kritiska verksamhetsutövare
NIS2 Åland
See all related requirements and other information from tasks own page.
Go to >
Process for reporting significant incidents to the Provincial Government (Åland)
The step-by-step process of notification of incidents to the authorities (Åland)
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

§ 21.1-2: Anmälan av betydande incidenter
NIS2 Åland
§ 21: Anmälan av incidenter till provinsiella myndigheter och tjänstemottagare
NIS2 Åland
See all related requirements and other information from tasks own page.
Go to >
The step-by-step process of notification of incidents to the authorities (Åland)
Ensuring communication availability during security events
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

§ 74: Opretholdelse af kommunikation under hændelser
Energisektor beredskabsbekendtgørelse
See all related requirements and other information from tasks own page.
Go to >
Ensuring communication availability during security events
Functional testing of technical equipment
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

§ 22: Funktionstests af teknisk udstyr
Energisektor beredskabsbekendtgørelse
See all related requirements and other information from tasks own page.
Go to >
Functional testing of technical equipment
Continuous incident response capability
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

§ 72: Håndtering af sikkerhedshændelser
Energisektor beredskabsbekendtgørelse
See all related requirements and other information from tasks own page.
Go to >
Continuous incident response capability
Notification of users for significant incidents
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

§ 75: Underretninger om hændelser til modtagere af tjenester
Energisektor beredskabsbekendtgørelse
See all related requirements and other information from tasks own page.
Go to >
Notification of users for significant incidents
The step-by-step process of notification of incidents to the authorities (Denmark-energy)
Critical
High
Normal
Low
Incident management and response
3
requirements

Examples of other requirements this task affects

§ 79: Forpligtelser ved rapportering af hændelserIndberetningsløsninger
Energisektor beredskabsbekendtgørelse
§ 78: Rapporteringsprocessen for væsentlige hændelser
Energisektor beredskabsbekendtgørelse
§ 77: Rapportering af væsentlige hændelser
Energisektor beredskabsbekendtgørelse
See all related requirements and other information from tasks own page.
Go to >
The step-by-step process of notification of incidents to the authorities (Denmark-energy)
Guideline for reporting security incidents to authorities
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

§ 80: Anmeldelse til politiet og Forsvaret
Energisektor beredskabsbekendtgørelse
See all related requirements and other information from tasks own page.
Go to >
Guideline for reporting security incidents to authorities
Five-year plan and evalutation for cyber security exercises
Critical
High
Normal
Low
Incident management and response
3
requirements

Examples of other requirements this task affects

§ 20: Femårige øvelsesplan
Energisektor beredskabsbekendtgørelse
§ 23: Øvelsesevalueringen
Energisektor beredskabsbekendtgørelse
§ 21: Beredskabsøvelser
Energisektor beredskabsbekendtgørelse
See all related requirements and other information from tasks own page.
Go to >
Five-year plan and evalutation for cyber security exercises
Compliance procedure for external incident reporting
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

5.43: HLT – Externe rapportage van incidenten
NEN 7510
See all related requirements and other information from tasks own page.
Go to >
Compliance procedure for external incident reporting
Process for disclosure of cybersecurity information
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

Article 26: Cybersecurity authentication, detection and risk evaluation
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Process for disclosure of cybersecurity information
Handling network information security complaints and reports
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

Article 49: Complaint and reporting systems for network information security
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Handling network information security complaints and reports
Confidentiality of security incident reporting
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

Article 14: Right to report behaviors that endanger cybersecurity
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Confidentiality of security incident reporting
Management of prohibited content and secure information services
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

Article 47: Strengthening the management of information published by network users
CSL (China)
Article 48: Security administration duties for electronic information distribution and application download service providers
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Management of prohibited content and secure information services
Voluntary sharing of risk assessment results and technologies with CSIRTs (Poland)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

13: Informacje przekazywane do CSIRT
NIS2 Poland
See all related requirements and other information from tasks own page.
Go to >
Voluntary sharing of risk assessment results and technologies with CSIRTs (Poland)
Early warning notification details for major incidents (Poland)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

12: Wczesne ostrzeżenie
NIS2 Poland
See all related requirements and other information from tasks own page.
Go to >
Early warning notification details for major incidents (Poland)
Handling sensitive information and support requests in incident reporting (Poland)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

12: Wczesne ostrzeżenie
NIS2 Poland
See all related requirements and other information from tasks own page.
Go to >
Handling sensitive information and support requests in incident reporting (Poland)
Responding to mandatory reactive cybersecurity measures
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Responding to mandatory reactive cybersecurity measures
Regular asset scope review and justification of exclusions (Czech Republic)
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Regular asset scope review and justification of exclusions (Czech Republic)
The step-by-step process of notification of incidents to the authorities (Czech Republic)
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
The step-by-step process of notification of incidents to the authorities (Czech Republic)
Incident reporting channels and procedures (Czech Republic)
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Incident reporting channels and procedures (Czech Republic)
Defining threshold for cyber security breach (Czech Republic)
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Defining threshold for cyber security breach (Czech Republic)
System isolation procedures
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
System isolation procedures
Upper obligations regime incident notification procedure (Czech Republic)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Upper obligations regime incident notification procedure (Czech Republic)
Notification of exploited vulnerabilities
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

Article 14.1-2: Reporting obligations of manufacturers
CRA
See all related requirements and other information from tasks own page.
Go to >
Notification of exploited vulnerabilities
Incident management and response capability
Critical
High
Normal
Low
Incident management and response
10
requirements

Examples of other requirements this task affects

Article 25: Security attestation of free and open-source software
CRA
§ 7: Krav om sikkerhet for tilbydere av samfunnsviktige tjenester
NIS2 NO
§ 19.6.a: Povinnosť riešiť incidenty
NIS2 Slovakia
§ 20.4.d: Riešenie kybernetických bezpečnostných incidentov
NIS2 Slovakia
§ 68: Reagering på uregelmæssigheder i realtid
Energisektor beredskabsbekendtgørelse
See all related requirements and other information from tasks own page.
Go to >
Incident management and response capability
Notification of an incident affecting the products
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

Article 14.3-4: Incident notification
CRA
See all related requirements and other information from tasks own page.
Go to >
Notification of an incident affecting the products
Communication of the incident response plan to stakeholders
Critical
High
Normal
Low
Incident management and response
3
requirements

Examples of other requirements this task affects

13.1.a: Preventing incidents
CER
§ 14.1: Förebyggande av incidenter
NIS2 Åland
See all related requirements and other information from tasks own page.
Go to >
Communication of the incident response plan to stakeholders
Testing business continuity plans with severe scenarios
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Testing business continuity plans with severe scenarios
Anomaly criteria for triggering incident response
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

C1.c: Generating alerts
CAF 4.0
See all related requirements and other information from tasks own page.
Go to >
Anomaly criteria for triggering incident response
Prioritization of security alerts
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

C1.d: Alert contextualisation
CAF 4.0
See all related requirements and other information from tasks own page.
Go to >
Prioritization of security alerts
Documentation and notifications of PHI breaches
Critical
High
Normal
Low
Incident management and response
5
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Documentation and notifications of PHI breaches
Burden of Proof for breach notifications
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Burden of Proof for breach notifications
Process for immediate notification to the Information and Communication Center (Belgium)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

Art. 14.1: Notification de services déterminés
Loi infrastructures critiques
See all related requirements and other information from tasks own page.
Go to >
Process for immediate notification to the Information and Communication Center (Belgium)
Handling vulnerability reports from national CSIRTs
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

30: Înființarea și autorizarea CSIRT-urilor
NIS2 Romania
See all related requirements and other information from tasks own page.
Go to >
Handling vulnerability reports from national CSIRTs
Ensure CSIRT compliance with national operational and security requirements (Romania)
Critical
High
Normal
Low
Incident management and response
3
requirements

Examples of other requirements this task affects

31: Obligațiile și autorizarea csirt-urilor
NIS2 Romania
32: Cerințele operaționale, de securitate și de cooperare pentru csirt-uri
NIS2 Romania
33: Responsabilitățile și serviciile csirt-urilor
NIS2 Romania
See all related requirements and other information from tasks own page.
Go to >
Ensure CSIRT compliance with national operational and security requirements (Romania)
Ensure reporting of cybersecurity incidents through PNRISC (Romania)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

15.2: Modalitatea de raportare
NIS2 Romania
See all related requirements and other information from tasks own page.
Go to >
Ensure reporting of cybersecurity incidents through PNRISC (Romania)
The step-by-step process of notification of incidents to the authorities (Cyprus)
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

35B.1: Αναφορά Σημαντικών Περιστατικών
NIS2 Cyprus
35B.4: Ειδοποίηση περιστατικού πολλαπλών σταδίων
NIS2 Cyprus
See all related requirements and other information from tasks own page.
Go to >
The step-by-step process of notification of incidents to the authorities (Cyprus)
Guidelines for information exchange with authorities
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

Art. 11: Übermittlung und Nutzung der Informationen
CSV
9: Współpraca z podmiotami Krajowego Systemu Cyberbezpieczeństwa
NIS2 Poland
See all related requirements and other information from tasks own page.
Go to >
Guidelines for information exchange with authorities
Process for supplementary incident reporting
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

Art. 16: Frist zur Erfassung der Meldung
CSV
See all related requirements and other information from tasks own page.
Go to >
Process for supplementary incident reporting
Procedure for reporting cyberattacks
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

Art. 15: Inhalt der Meldung
CSV
Article 14: Right to report behaviors that endanger cybersecurity
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Procedure for reporting cyberattacks
Guidelines for identifying reportable cyberattacks (Switzerland)
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

Art. 14: Zu meldende Cyberangriffe
CSV
Art. 15: Inhalt der Meldung
CSV
See all related requirements and other information from tasks own page.
Go to >
Guidelines for identifying reportable cyberattacks (Switzerland)
Process for information exchange with BACS (Switzerland)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

Art. 8: Sichere und automatisierte Informationsaustauschsysteme
CSV
See all related requirements and other information from tasks own page.
Go to >
Process for information exchange with BACS (Switzerland)
The step-by-step process of notification of incidents to the national security authority
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

§ 4-5.1: Varslingsplikt
Sikkerhetsloven
See all related requirements and other information from tasks own page.
Go to >
The step-by-step process of notification of incidents to the national security authority
Process for Monitoring Protective Security and Reporting Incidents
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

§ 2.1: Skyldigheter för den som bedriver säkerhetskänslig verksamhet
SSL
See all related requirements and other information from tasks own page.
Go to >
Process for Monitoring Protective Security and Reporting Incidents
Procedure for emergency notifications to authorities
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

13.3: Underretningspligt i beredskabssituationer
NIS2 Denmark
See all related requirements and other information from tasks own page.
Go to >
Procedure for emergency notifications to authorities
Define and document internal notification triggers
Critical
High
Normal
Low
Incident management and response
3
requirements

Examples of other requirements this task affects

§ 13.3: Beredskapsplanlegging og øvelser
NIS2 NO
§ 13.1: Beredskapsplanlegging for hendelser
NIS2 NO
Article 25: Contingency plans for cybersecurity incidents
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Define and document internal notification triggers
Notifying the public of a significant incident
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

Članak 41: Obavještavanje javnosti o značajnom incidentu
NIS2 Croatia
Article 17.2: Informing the public
CRA
See all related requirements and other information from tasks own page.
Go to >
Notifying the public of a significant incident
Submitting a monthly progress report
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

Art. 25.5: Notifiche di incidenti
NIS2 Italy
§ 5: Slutgiltig incidentrapportering
MSBFS 2020:8
See all related requirements and other information from tasks own page.
Go to >
Submitting a monthly progress report
Conducting incident response exercises
Critical
High
Normal
Low
Incident management and response
4
requirements

Examples of other requirements this task affects

17.7: Conduct Routine Incident Response Exercises
CIS 18
§ 13.3: Beredskapsplanlegging og øvelser
NIS2 NO
D1.c: Testing response plans
CAF 4.0
See all related requirements and other information from tasks own page.
Go to >
Conducting incident response exercises
Establishing and maintaining an incident response process
Critical
High
Normal
Low
Incident management and response
6
requirements

Examples of other requirements this task affects

17.4: Establish and Maintain an Incident Response Process
CIS 18
11.4: Abordare cuprinzătoare a securității cibernetice
NIS2 Romania
Article 49: Complaint and reporting systems for network information security
CSL (China)
D1.a: Response plan
CAF 4.0
§ 19.3: Væsentlige procedurer for håndtering af hændelser
Energisektor beredskabsbekendtgørelse
See all related requirements and other information from tasks own page.
Go to >
Establishing and maintaining an incident response process
Designating incident management key personnel
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

17.1: Designate Personnel to Manage Incident Handling
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Designating incident management key personnel
User notification procedure for significant service disruptions
Critical
High
Normal
Low
Incident management and response
11
requirements

Examples of other requirements this task affects

34.(4): Incidentu un draudu paziņojumi pakalpojumu saņēmējiem
NIS2 Latvia
Art. 25.9: Notifiche di incidenti ai destinatari del servizio
NIS2 Italy
Art. 25.10: Notifiche di minacce ai destinatari dei servizi
NIS2 Italy
32.1: Ontvangers informeren over belangrijke incidenten
NIS2 Netherlands
32.2: Ontvangers informeren over cyberdreigingen
NIS2 Netherlands
See all related requirements and other information from tasks own page.
Go to >
User notification procedure for significant service disruptions
Submitting a progress report
Critical
High
Normal
Low
Incident management and response
3
requirements

Examples of other requirements this task affects

34.(6): Progresa ziņojums par incidentu
NIS2 Latvia
31.2: Voortgangsverslag
NIS2 Netherlands
See all related requirements and other information from tasks own page.
Go to >
Submitting a progress report
Defining threshold for incident recovery measures
Critical
High
Normal
Low
Incident management and response
5
requirements

Examples of other requirements this task affects

RS.MA-05: Incident recovery criteria
NIST 2.0
13.1.d: Recovering from incidents
CER
§ 13.2: Hendelseshåndtering og -respons
NIS2 NO
D1.b: Response and recovery capability
CAF 4.0
§ 14.4: Återhämta sig från incidenter
NIS2 Åland
See all related requirements and other information from tasks own page.
Go to >
Defining threshold for incident recovery measures
Public communication on incident recovery measures
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

RC.CO-04: Public updates on incident recovery are shared
NIST 2.0
Article 55: Activation of contingency plans for cybersecurity incidents
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Public communication on incident recovery measures
Incident response documentation and integrity
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

RS.AN-06: Records of investigation of incident
NIST 2.0
§ 16: Rapporteringsskyldigheter för kritiska verksamhetsutövare
NIS2 Åland
See all related requirements and other information from tasks own page.
Go to >
Incident response documentation and integrity
Including suppliers in incident management
Critical
High
Normal
Low
Incident management and response
8
requirements

Examples of other requirements this task affects

GV.SC-08: Including relevant suppliers and third parties in incident activities
NIST 2.0
ID.IM-02: Improvements from security tests and exercises
NIST 2.0
13.1.c: Responding to incidents
CER
§ 8: Rapporteringskrav för leverantörer
MSBFS 2020:8
§ 14.3: Incidenthantering och respons
NIS2 Åland
See all related requirements and other information from tasks own page.
Go to >
Including suppliers in incident management
Creating and maintaining incident response plans
Critical
High
Normal
Low
Incident management and response
24
requirements

Examples of other requirements this task affects

4.1.1: Establish plans for incident management
NSM ICT-SP
ID.IM-04: Incident response and cybersecurity plans
NIST 2.0
PR.IR-03: Meeting resilience requirements
NIST 2.0
RS.MA-01: Incident response plan execution
NIST 2.0
RC.RP-01: Recovery plan
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Creating and maintaining incident response plans
Identifying the impact on business processes
Critical
High
Normal
Low
Incident management and response
6
requirements

Examples of other requirements this task affects

4.3.1: Identify extent and impact on business processes
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Identifying the impact on business processes
Enriching incident information to ensure an effective response
Critical
High
Normal
Low
Incident management and response
3
requirements

Examples of other requirements this task affects

4.3.3: Log all activities, results and relevant decisions
NSM ICT-SP
38: Kiberuzbrukumu attiecināšana
NIS2 Latvia
§ 69: Logplanlægning og overvågning til hændelsesrespons
Energisektor beredskabsbekendtgørelse
See all related requirements and other information from tasks own page.
Go to >
Enriching incident information to ensure an effective response
Documenting incident activities by establishing a response timeline
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

4.3.3: Log all activities, results and relevant decisions
NSM ICT-SP
§ 19.6.d: Forenzná ochrana údajov
NIS2 Slovakia
See all related requirements and other information from tasks own page.
Go to >
Documenting incident activities by establishing a response timeline
Developing and executing a recovery plan
Critical
High
Normal
Low
Incident management and response
10
requirements

Examples of other requirements this task affects

4.3.4: Launch recovery plan during or after the incident
NSM ICT-SP
Article 39: Components of the ICT business continuity plan
DORA simplified RMF
13.1.d: Recovering from incidents
CER
§ 13.2: Hendelseshåndtering og -respons
NIS2 NO
§ 6.1: Sikkerhetsstyringssystem
NIS2 NO
See all related requirements and other information from tasks own page.
Go to >
Developing and executing a recovery plan
Communicating with relevant parties after an incident, including CERTs and NSM NCSC
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

4.3.6: Perform necessary activities after the incident
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Communicating with relevant parties after an incident, including CERTs and NSM NCSC
Ensuring the safe failure of the critical systems in a network loss
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

PR.AC-5: Network integrity (network segregation, network segmentation… ) is protected.
CyberFundamentals
§ 10.e: Systemrobusthet og tilgjengelighet
NIS2 NO
See all related requirements and other information from tasks own page.
Go to >
Ensuring the safe failure of the critical systems in a network loss
Defining security events and incidents
Critical
High
Normal
Low
Incident management and response
19
requirements

Examples of other requirements this task affects

1.6.1: Reporting of security events
TISAX
DE.AE-08: Incidents declaration criteria
NIST 2.0
17.9: Establish and Maintain Security Incident Thresholds
CIS 18
Article 31: ICT risk management
DORA simplified RMF
5.43: HLT – Externe rapportage van incidenten
NEN 7510
See all related requirements and other information from tasks own page.
Go to >
Defining security events and incidents
Internal communication in an incident situation
Critical
High
Normal
Low
Incident management and response
13
requirements

Examples of other requirements this task affects

1.6.1: Reporting of security events
TISAX
DE.AE-06: Information on adverse events
NIST 2.0
RS.CO-02: Notifying stakeholders of incidents
NIST 2.0
RS.CO-03: Sharing Information with stakeholders
NIST 2.0
17.2: Establish and Maintain Contact Information for Reporting Security Incidents
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Internal communication in an incident situation
Process for categorization of security incidents
Critical
High
Normal
Low
Incident management and response
5
requirements

Examples of other requirements this task affects

1.6.2: Management of reported events
TISAX
RS.MA-04: Incidents escalation and elevating
NIST 2.0
C1.c: Generating alerts
CAF 4.0
§ 20.4.d: Riešenie kybernetických bezpečnostných incidentov
NIS2 Slovakia
§ 72: Håndtering af sikkerhedshændelser
Energisektor beredskabsbekendtgørelse
See all related requirements and other information from tasks own page.
Go to >
Process for categorization of security incidents
Classification of incidents
Critical
High
Normal
Low
Incident management and response
7
requirements

Examples of other requirements this task affects

Article 18: Classification of ICT-related incidents and cyber threats
DORA
4.2.1: Review log data and collect relevant data on the incident to create a good basis for making decisions
NSM ICT-SP
4.2.2: Determine the severity level of the incident
NSM ICT-SP
RS.MA-03: Incident classification
NIST 2.0
RS.AN-08: Incident’s magnitude
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Classification of incidents
Sufficient resourcing of ICT-environment monitoring
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

Article 10: Detection
DORA
See all related requirements and other information from tasks own page.
Go to >
Sufficient resourcing of ICT-environment monitoring
Consideration of classified information in the incident management
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

T-06: MALFUNCTIONS AND EXCEPTIONAL SITUATIONS
Katakri 2020
See all related requirements and other information from tasks own page.
Go to >
Consideration of classified information in the incident management
Reporting security breach to authorities
Critical
High
Normal
Low
Incident management and response
7
requirements

Examples of other requirements this task affects

T-07: MANAGEMENT OF SECURITY EVENTS
Katakri 2020
Art. 14: Zu meldende Cyberangriffe
CSV
Art. 8: Sichere und automatisierte Informationsaustauschsysteme
CSV
§ 104: Fortrolige oplysninger
Energisektor beredskabsbekendtgørelse
See all related requirements and other information from tasks own page.
Go to >
Reporting security breach to authorities
The first level response process to security incidents
Critical
High
Normal
Low
Incident management and response
69
requirements

Examples of other requirements this task affects

16.1.4: Assessment of and decision on information security events
ISO 27001
6.4: Menettelytavat virhe- ja ongelmatilanteissa
Omavalvontasuunnitelma
DE.AE-4: Impact of events
NIST
RS.RP-1: Incident response plan
NIST
RS.AN-4: Incident categorization
NIST
See all related requirements and other information from tasks own page.
Go to >
The first level response process to security incidents
Defining cyber security metrics for cyber security breaches
Critical
High
Normal
Low
Incident management and response
7
requirements

Examples of other requirements this task affects

RESPONSE-2: Analyze Cybersecurity Events and Declare Incidents
C2M2
Article 17: ICT-related incident management process
DORA
17.9: Establish and Maintain Security Incident Thresholds
CIS 18
§ 20.4.b: Detekcia kybernetických bezpečnostných incidentov
NIS2 Slovakia
See all related requirements and other information from tasks own page.
Go to >
Defining cyber security metrics for cyber security breaches
Processes for reporting information security events related to offered cloud services
Critical
High
Normal
Low
Incident management and response
12
requirements

Examples of other requirements this task affects

ID.RA-3: Threat identification
NIST
DE.DP-4: Event detection
NIST
RS.CO-3: Information sharing
NIST
RC.CO-1: Public relations
NIST
16: Information security incident management
ISO 27017
See all related requirements and other information from tasks own page.
Go to >
Processes for reporting information security events related to offered cloud services
Identification and monitoring of event sources
Critical
High
Normal
Low
Incident management and response
15
requirements

Examples of other requirements this task affects

DE.AE-3: Event data
NIST
TEK-13: Poikkeamien havainnointikyky ja toipuminen
Julkri
RESPONSE-1: Detect Cybersecurity Events
C2M2
DE.AE-3: Event data are collected and correlated from multiple sources and sensors.
CyberFundamentals
DE.CM-03: Monitoring personnel activity and technology usage
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Identification and monitoring of event sources
Defining threshold for cyber security breach
Critical
High
Normal
Low
Incident management and response
13
requirements

Examples of other requirements this task affects

DE.AE-5: Incident alert thresholds
NIST
RESPONSE-2: Analyze Cybersecurity Events and Declare Incidents
C2M2
Article 17: ICT-related incident management process
DORA
DE.AE-5: Incident alert thresholds are established.
CyberFundamentals
DE.AE-08: Incidents declaration criteria
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Defining threshold for cyber security breach
Detection process testing and compliance
Critical
High
Normal
Low
Incident management and response
5
requirements

Examples of other requirements this task affects

DE.DP-2: Detection activities
NIST
TEK-13: Poikkeamien havainnointikyky ja toipuminen
Julkri
CC7.2: Monitoring of system components for anomalies
SOC 2
DE.DP-2: Detection activities comply with all applicable requirements.
CyberFundamentals
39: Koordinēta ievainojamību atklāšana
NIS2 Latvia
See all related requirements and other information from tasks own page.
Go to >
Detection process testing and compliance
Incident containing measures
Critical
High
Normal
Low
Incident management and response
22
requirements

Examples of other requirements this task affects

RS.MI-1: Incident containment
NIST
Article 17: ICT-related incident management process
DORA
RS.MI-1: Incidents are contained.
CyberFundamentals
4.3.2: Determine whether the incident is under control and take the necessary reactive measures
NSM ICT-SP
RS.MI-01: Incident containment
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Incident containing measures
Managing evidence information for information security incidents
Critical
High
Normal
Low
Incident management and response
9
requirements

Examples of other requirements this task affects

5.28: Collection of evidence
ISO 27001
6.2b: Häiriöiden hallinta ja menettelyt ongelmatilanteissa
Tietoturvasuunnitelma
4.3.3: Log all activities, results and relevant decisions
NSM ICT-SP
RS.AN-07: Incident data and metadata
NIST 2.0
5.28: Bewijs verzamelen
NEN 7510
See all related requirements and other information from tasks own page.
Go to >
Managing evidence information for information security incidents
Definition of tolerable outages
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

27: Siedettävien toimintakatkoksien määrittely
Digiturvan kokonaiskuvapalvelu
See all related requirements and other information from tasks own page.
Go to >
Definition of tolerable outages
Reporting data security incidents to the authorities
Critical
High
Normal
Low
Incident management and response
11
requirements

Examples of other requirements this task affects

35: Häiriöiden ilmoittaminen viranomaisille
Digiturvan kokonaiskuvapalvelu
17.2: Establish and Maintain Contact Information for Reporting Security Incidents
CIS 18
Article 14: Right to report behaviors that endanger cybersecurity
CSL (China)
Article 49: Complaint and reporting systems for network information security
CSL (China)
§ 19.6.e: Oznámenie orgánom činným v trestnom konaní
NIS2 Slovakia
See all related requirements and other information from tasks own page.
Go to >
Reporting data security incidents to the authorities

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Start free trial
Get to know Cyberday
Start your free trial
Cyberday is your all-in-one solution for building a secure and compliant organization. Whether you're setting up a cyber security plan, evaluating policies, implementing tasks, or generating automated reports, Cyberday simplifies the entire process.
With AI-driven insights and a user-friendly interface, it's easier than ever to stay ahead of compliance requirements and focus on continuous improvement.
Clear framework compliance plans
Activate relevant frameworks and turn them into actionable policies tailored to your needs.
Credible reports to proof your compliance
Use guided tasks to ensure secure implementations and create professional reports with just a few clicks.
AI-powered improvement suggestions
Focus on the most impactful improvements in your compliance with help from Cyberday AI.
Effortless compliance improvement
Widest framework library in EU
Extensive support

Start your compliance journey

Use in MS Teams or use your browser with Slack integration.
Risk free trial. No credit card required. Stop at any time.

Start free trial
Book a meeting
How it works?
SummarySecurity tasks and assuranceDocumentation workflowsEmployee guidelinesReporting templatesTrust center
Use cases
By frameworkAll frameworksISO 27001NIS2 directiveNIST CSFCSA CCMISO 27701GDPRISO 27017ISO 27018
By methodCyber risk managementEmployee awarenessCompliance reportingControl managementAsset managementPrivacy managementVendor assessmentsInternal audits
Resources
AcademyWebinarsBlogHelp articlesVideo coursesContent libraryGuidesNewsletterLeave a reviewPartner programTeamTerms of usePrivacy policy
Contact us
+358 10 231 6010
team@cyberday.ai
App works in:
Known in Finland as Digiturvamalli
© Cyberday Inc. Kalevantie 2 33100 Tampere, Finland
Cyberday.ai - Improve and certify your cyber security