Maintaining chosen theme-specific policy documents

Other tasks from the same security theme

Task name

Priority

Policy

Other requirements

Creation and maintenance of the information security plan report

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

3: Vastuut tietoturvan sekä asiakastietojen asianmukaisen käsittelyn varmistamisessa

Tietoturvasuunnitelma

See all related requirements and other information from tasks own page.

Go to >

Creation and maintenance of the information security plan report

Information security policy -report publishing, informing and maintenance

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Članak 29.a: Upravljanje

NIS2 Croatia

10 §: Johdon vastuu

Kyberturvallisuuslaki

9.2 §: Kyberturvallisuuden toimintaperiaatteet

Kyberturvallisuuslaki

1.1.1: Availability of information security policies

TISAX

31 § 1°: Approbation des mesures de gestion des risques de cybersécurité

NIS2 Belgium

See all related requirements and other information from tasks own page.

Go to >

Information security policy -report publishing, informing and maintenance

Defining and documenting security objectives

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Članak 29.a: Upravljanje

NIS2 Croatia

10 §: Johdon vastuu

Kyberturvallisuuslaki

9.2 §: Kyberturvallisuuden toimintaperiaatteet

Kyberturvallisuuslaki

31 § 1°: Approbation des mesures de gestion des risques de cybersécurité

NIS2 Belgium

ID.BE-3: Priorities for organizational mission, objectives, and activities are established and communicated.

CyberFundamentals

See all related requirements and other information from tasks own page.

Go to >

Defining and documenting security objectives

Executing and documenting internal audits

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

9.2: Internal audit

ISO 9001

Članak 30.1.f: Politike i postupke za procjenu djelotvornosti mjera upravljanja kibernetičkim sigurnosnim rizicima

NIS2 Croatia

Članak 35: Provedba samoprocjene kibernetičke sigurnosti

NIS2 Croatia

9.1 §: Toimien vaikuttavuuden arviointi

Kyberturvallisuuslaki

1.5.1: Assessment of policies and requirements

TISAX

See all related requirements and other information from tasks own page.

Go to >

Executing and documenting internal audits

Creating and maintaining a statement of applicability

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

6.1: Information security risk management

ISO 27001

7.5: Requirements for documented information

ISO 27001

1.2.1: Scope of Information Security management

TISAX

See all related requirements and other information from tasks own page.

Go to >

Creating and maintaining a statement of applicability

Identification, documentation and management of other information security requirements

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

7.1.1: Compliance management

TISAX

30 § 2°: Évaluation des risques et mesures de gestion

NIS2 Belgium

1.1.1: Identify the organisation’s strategy and priorities

NSM ICT-SP

DE.DP-2: Detection activities comply with all applicable requirements.

CyberFundamentals

ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood, and managed.

CyberFundamentals

See all related requirements and other information from tasks own page.

Go to >

Identification, documentation and management of other information security requirements

Internal audit procedure -report publishing and maintenance

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

ID.GV-3: Legal and regulatory requirements

NIST

14.6.: Vadovybės atsakomybė

NIS2 Lithuania

7.5: Requirements for documented information

ISO 27001

9.2: Internal audit

ISO 27001

CC1.5: Accountability for responsibilities

SOC 2

See all related requirements and other information from tasks own page.

Go to >

Internal audit procedure -report publishing and maintenance

ISMS description and maintenance

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

2.1: Tietoturvallisuusvastuiden määrittely

TiHL tietoturvavaatimukset

2.3: Tietoturvallisuus tiedonhallintamallissa

TiHL tietoturvavaatimukset

1.2.1: Scope of Information Security management

TISAX

PR.AT-5: Physical security and cybersecurity personnel understand their roles and responsibilities.

CyberFundamentals

PR.AT-5: Physical and cybersecurity personnel

NIST

See all related requirements and other information from tasks own page.

Go to >

ISMS description and maintenance

Defining the frameworks that serve as the basis of the management system

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

CC3.1: Sufficient specifying of objectives

SOC 2

See all related requirements and other information from tasks own page.

Go to >

Defining the frameworks that serve as the basis of the management system

Regular review of the cyber security risk documentation

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Article 13.7: Documenting cybersecurity

CRA

See all related requirements and other information from tasks own page.

Go to >

Regular review of the cyber security risk documentation

Documentation of risk assessment

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Article 13.3: Documenting risk assessment

CRA

11.7: Listei de active și riscuri

NIS2 Romania

12.2: Risk assessment measures

CER

§ 4-4: Krav til dokumentasjon

Sikkerhetsloven

See all related requirements and other information from tasks own page.

Go to >

Documentation of risk assessment

Provision of product information to the market surveillance authority

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Article 13.22: Conformity

CRA

See all related requirements and other information from tasks own page.

Go to >

Provision of product information to the market surveillance authority

Single point of contact for reporting vulnerabilities

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Article 13.17: Single point of contact

CRA

See all related requirements and other information from tasks own page.

Go to >

Single point of contact for reporting vulnerabilities

Maintaining a coordinated vulnerability disclosure policy and reporting procedure

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Vuln.5: Coordinated vulnerability disclosure

CRA

See all related requirements and other information from tasks own page.

Go to >

Maintaining a coordinated vulnerability disclosure policy and reporting procedure

Cybersecurity requirements related to the use of AI

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Article 12.1: High risk AI

CRA

See all related requirements and other information from tasks own page.

Go to >

Cybersecurity requirements related to the use of AI

Integration of change management procedures

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

No items found.

See all related requirements and other information from tasks own page.

Go to >

Integration of change management procedures

Disciplinary process for non-conformance

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

No items found.

See all related requirements and other information from tasks own page.

Go to >

Disciplinary process for non-conformance

Cyber security policy and procedure compliance requirements

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

No items found.

See all related requirements and other information from tasks own page.

Go to >

Cyber security policy and procedure compliance requirements

Security related policies and procedures for all assets

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Art. 13.2.1: Mesures permanentes de sécurité intérieure

Loi infrastructures critiques

See all related requirements and other information from tasks own page.

Go to >

Defining triggers for evaluating the information security management system

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

No items found.

See all related requirements and other information from tasks own page.

Go to >

Defining triggers for evaluating the information security management system

Review of information security management system best practices

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

§ 6.1: Sikkerhetsstyringssystem

NIS2 NO

See all related requirements and other information from tasks own page.

Go to >

Review of information security management system best practices

Defining system auditing roles and responsibilities

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

No items found.

See all related requirements and other information from tasks own page.

Go to >

Defining system auditing roles and responsibilities

Reviewing security policies and procedures

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

No items found.

See all related requirements and other information from tasks own page.

Go to >

Reviewing security policies and procedures

Conducting business impact analysis

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

No items found.

See all related requirements and other information from tasks own page.

Go to >

Conducting business impact analysis

Creating and maintaining an asset management policy

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

No items found.

See all related requirements and other information from tasks own page.

Go to >

Creating and maintaining an asset management policy

Creating and maintaining physical and environmental security policy

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

No items found.

See all related requirements and other information from tasks own page.

Go to >

Creating and maintaining physical and environmental security policy

Creating and maintaining report on the review of the ICT risk management framework

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

No items found.

See all related requirements and other information from tasks own page.

Go to >

Creating and maintaining report on the review of the ICT risk management framework

Develop and maintain an ICT project management policy

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

No items found.

See all related requirements and other information from tasks own page.

Go to >

Develop and maintain an ICT project management policy

Requirements for creating policies

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

No items found.

See all related requirements and other information from tasks own page.

Go to >

Requirements for creating policies

Establishing risk profile

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

No items found.

See all related requirements and other information from tasks own page.

Go to >

Establishing risk profile

Safeguards to protect PHI

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

No items found.

See all related requirements and other information from tasks own page.

Go to >

Safeguards to protect PHI

Security officer appointment and responsibilities (HIPAA)

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

No items found.

See all related requirements and other information from tasks own page.

Go to >

Security officer appointment and responsibilities (HIPAA)

Evaluating compliance with HIPAA requirements

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

No items found.

See all related requirements and other information from tasks own page.

Go to >

Evaluating compliance with HIPAA requirements

Establishing and maintaining the comprehensive ePHI security program

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

No items found.

See all related requirements and other information from tasks own page.

Go to >

Establishing and maintaining the comprehensive ePHI security program

Protection from retaliation and intimidation

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

No items found.

See all related requirements and other information from tasks own page.

Go to >

Protection from retaliation and intimidation

Protecting HIPAA rights from being waived

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

No items found.

See all related requirements and other information from tasks own page.

Go to >

Protecting HIPAA rights from being waived

Implementation of policies and procedures

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

No items found.

See all related requirements and other information from tasks own page.

Go to >

Implementation of policies and procedures

Policies and procedures for HIPAA compliance

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

No items found.

See all related requirements and other information from tasks own page.

Go to >

Policies and procedures for HIPAA compliance

Appointing a qualified cybersecurity auditor (Malta)

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

14.1: Appointment and approval of a qualified auditor for the verification of cybersecurity measures

NIS2 Malta

See all related requirements and other information from tasks own page.

Go to >

Appointing a qualified cybersecurity auditor (Malta)

Designation of the information security officer (Spain)

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Artículo 16.2: Comunicación de la designación del responsable

NIS2 Spain

Artículo 16.1: Designación del responsable de la seguridad de la información

NIS2 Spain

Artículo 16.4: Cualificaciones y posición organizativa

NIS2 Spain

See all related requirements and other information from tasks own page.

Go to >

Designation of the information security officer (Spain)

Statement of applied security measures (Spain)

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Artículo 15.5: Declaración de aplicabilidad de sistemas

NIS2 Spain

See all related requirements and other information from tasks own page.

Go to >

Statement of applied security measures (Spain)

Cybersecurity compliance requirements for essential and important entities (Spain)

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Artículo 15.4: Demostración y certificación de cumplimiento

NIS2 Spain

See all related requirements and other information from tasks own page.

Go to >

Cybersecurity compliance requirements for essential and important entities (Spain)

Adoption and implementation of security measures

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Art. 13.3.4: Identification, sélection et priorisation des mesures de sécurité intérieure

Loi infrastructures critiques

§ 4-3.(1-2): Plikt til å gjennomføre sikkerhetstiltak

Sikkerhetsloven

See all related requirements and other information from tasks own page.

Go to >

Adoption and implementation of security measures

Risk-based selection of security measures

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Art. 13.3.4: Identification, sélection et priorisation des mesures de sécurité intérieure

Loi infrastructures critiques

§ 4-3.(1-2): Plikt til å gjennomføre sikkerhetstiltak

Sikkerhetsloven

See all related requirements and other information from tasks own page.

Go to >

Risk-based selection of security measures

Security Plan development and implementation

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Art. 13.4: Période de mise en œuvre des mesures de sécurité

Loi infrastructures critiques

See all related requirements and other information from tasks own page.

Go to >

Security Plan development and implementation

Security contact point for critical infrastructure

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Art. 12.1-3: Point de contact pour la sécurité

Loi infrastructures critiques

13.3: Designated personnel

CER

See all related requirements and other information from tasks own page.

Go to >

Security contact point for critical infrastructure

Development and maintenance of the Operator Security Plan (O.S.P.) (Belgium)

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Art. 13.1: Plan de sécurité de l'opérateur

Loi infrastructures critiques

Art. 13.6: Organisation des exercices et mise à jour de l'P.S.E.

Loi infrastructures critiques

See all related requirements and other information from tasks own page.

Go to >

Development and maintenance of the Operator Security Plan (O.S.P.) (Belgium)

Advance notification of planned cybersecurity audits

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

33.5: Ankündigung geplanter Prüfungen

NIS2 Austria

See all related requirements and other information from tasks own page.

Go to >

Advance notification of planned cybersecurity audits

Self-declaration submission (Austria)

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

33.1: Selbstdeklaration

NIS2 Austria

See all related requirements and other information from tasks own page.

Go to >

Self-declaration submission (Austria)

Proof Obligations for Operators of Critical Infrastructure (Germany)

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

39.1: Nachweispflichten für Betreiber kritischer Anlagen

NIS2 Germany

See all related requirements and other information from tasks own page.

Go to >

Proof Obligations for Operators of Critical Infrastructure (Germany)

Annual cybersecurity maturity self-assessment and reporting

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

12.4: Transmiterea autoevaluării anuale a maturității cibernetice

NIS2 Romania

See all related requirements and other information from tasks own page.

Go to >

Annual cybersecurity maturity self-assessment and reporting

Appointment of a Cyber Security Officer (Romania)

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

14.3: Alocarea resurselor și desemnarea responsabililor de securitate

NIS2 Romania

14.4: Cerințe pentru responsabilul cu securitatea

NIS2 Romania

See all related requirements and other information from tasks own page.

Go to >

Appointment of a Cyber Security Officer (Romania)

Registration for official communication systems

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Art. 9: Registrierung

CSV

See all related requirements and other information from tasks own page.

Go to >

Registration for official communication systems

Process for clarifying reporting obligations (Switzerland)

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Art. 13: Einreichung von Unterlagen zur Abklärung der Meldepflicht

CSV

See all related requirements and other information from tasks own page.

Go to >

Process for clarifying reporting obligations (Switzerland)

Cooperation with supervisory authorities

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

§ 4-5.2: Varsling av tilsynsmyndigheten

Sikkerhetsloven

§ 14: Opplysningsplikt og tilgang til lokaler og utstyr

NIS2 NO

See all related requirements and other information from tasks own page.

Go to >

Cooperation with supervisory authorities

Ensure the integrity of critical national information

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

§ 5-2: Beskyttelse av skjermingsverdig informasjon

Sikkerhetsloven

§ 6-2: Beskyttelse av skjermingsverdige informasjonssystemer

Sikkerhetsloven

See all related requirements and other information from tasks own page.

Go to >

Ensure the integrity of critical national information

Notifying authorities of high-risk procurements

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

§ 9-4.2: Varsling til departementet

Sikkerhetsloven

See all related requirements and other information from tasks own page.

Go to >

Notifying authorities of high-risk procurements

Notify termination of security-sensitive activity

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

§ 2.6: Anmälningsplikt

SSL

See all related requirements and other information from tasks own page.

Go to >

Notify termination of security-sensitive activity

Notify start of security-sensitive activity

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

§ 2.6: Anmälningsplikt

SSL

See all related requirements and other information from tasks own page.

Go to >

Notify start of security-sensitive activity

Appointment and role of the Security Protection Manager

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

§ 2.7: Säkerhetsskyddschef

SSL

See all related requirements and other information from tasks own page.

Go to >

Appointment and role of the Security Protection Manager

Appointment of a Chief Information Security Officer (Greece)

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

15.5.α: Υπεύθυνος ασφάλειας πληροφοριών

NIS2 Greece

See all related requirements and other information from tasks own page.

Go to >

Appointment of a Chief Information Security Officer (Greece)

Review reporting of simplified ICT risk management framework

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Article 41: Format and content of the report on the review of the simplified ICT risk management framework

DORA simplified RMF

See all related requirements and other information from tasks own page.

Go to >

Review reporting of simplified ICT risk management framework

ICT project management procedure

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Article 38: ICT project and change management

DORA simplified RMF

See all related requirements and other information from tasks own page.

Go to >

ICT project management procedure

Auditing of risk management framework

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Article 28: Governance and organization

DORA simplified RMF

See all related requirements and other information from tasks own page.

Go to >

Auditing of risk management framework

Creation and maintenance of governance and control framework

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Article 28: Governance and organization

DORA simplified RMF

See all related requirements and other information from tasks own page.

Go to >

Creation and maintenance of governance and control framework

Notification of a significant incident with cross-border and cross-sectoral impact

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Članak 40: Obavještavanje o značajnom incidentu s prekograničnim i međusektorskim učinkom

NIS2 Croatia

15.3: Informații privind impactul transfrontalier al incidentelor

NIS2 Romania

See all related requirements and other information from tasks own page.

Go to >

Notification of a significant incident with cross-border and cross-sectoral impact

Conducting an external audit

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Članak 34: Provedba revizije kibernetičke sigurnosti

NIS2 Croatia

11.5: Auditului de securitate

NIS2 Romania

See all related requirements and other information from tasks own page.

Go to >

Conducting an external audit

Notifying the administrative body of incidents

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Art. 23.3: Comunicazione

NIS2 Italy

See all related requirements and other information from tasks own page.

Go to >

Notifying the administrative body of incidents

Appointment of a Cyber Security Officer (Lithuania)

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

15.3.: Kibernetinio saugumo vaidmenys ir atsakomybė

NIS2 Lithuania

15.4.: Kibernetinio saugumo valdymo užsakymas

NIS2 Lithuania

15.5.: Kibernetinio saugumo vadovas ir saugos įgaliotinis reikalavimai

NIS2 Lithuania

15.2.: Paskirti saugos įgaliotinį

NIS2 Lithuania

See all related requirements and other information from tasks own page.

Go to >

Appointment of a Cyber Security Officer (Lithuania)

Appointment of a Chief Information Security Officer (Lithuania)

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

15.3.: Kibernetinio saugumo vaidmenys ir atsakomybė

NIS2 Lithuania

15.4.: Kibernetinio saugumo valdymo užsakymas

NIS2 Lithuania

15.5.: Kibernetinio saugumo vadovas ir saugos įgaliotinis reikalavimai

NIS2 Lithuania

15.1.: Paskirti kibernetinio saugumo vadovą

NIS2 Lithuania

See all related requirements and other information from tasks own page.

Go to >

Appointment of a Chief Information Security Officer (Lithuania)

Cybersecurity auditing (Lithuania)

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

14.8.: Kibernetinio saugumo auditai

NIS2 Lithuania

See all related requirements and other information from tasks own page.

Go to >

Cybersecurity auditing (Lithuania)

Technical cyber security measures (Lithuania)

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

16.4.: Esminiai subjektai sudary sąlygas Nacionaliniam kibernetinio saugumo centrui technines kibernetinio saugumo priemones

NIS2 Lithuania

See all related requirements and other information from tasks own page.

Go to >

Technical cyber security measures (Lithuania)

Usage of data centers (Lithuania)

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

38.1.: Duomenų centrų naudojimas saugaus tinklo naudotojams

NIS2 Lithuania

See all related requirements and other information from tasks own page.

Go to >

Usage of data centers (Lithuania)

Usage of the Secure Network (Lithuania)

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

37.1.: Saugus institucijų tinklas (Valstybės ir savivaldybių institucijos ir įstaigos, valstybės valdomos įmonės ir viešosios įstaigos)

NIS2 Lithuania

See all related requirements and other information from tasks own page.

Go to >

Usage of the Secure Network (Lithuania)

Cyber Security Information System usage (Lithuania)

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

19.1.: Kibernetinio saugumo informacinė sistema

NIS2 Lithuania

19.3.: Kibernetinio saugumo informacinės sistemos naudojimas

NIS2 Lithuania

19.4.: Dalijimosi informacija susitarimai

NIS2 Lithuania

See all related requirements and other information from tasks own page.

Go to >

Cyber Security Information System usage (Lithuania)

Providing the security managers information to a competent authority

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

25.(2): Paziņojums par kiberdrošības vadītāja iecelšanu

NIS2 Latvia

25.(3): Kiberdrošības pārvaldnieka atbilstība

NIS2 Latvia

25.(4): Paziņojums par izmaiņām

NIS2 Latvia

See all related requirements and other information from tasks own page.

Go to >

Providing the security managers information to a competent authority

Appointment, tasks and position of a Cyber security manager

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

25.(5): kiberdrošības pārvaldnieka pienākumi

NIS2 Latvia

25.(1): Kiberdrošības pārvaldību

NIS2 Latvia

See all related requirements and other information from tasks own page.

Go to >

Appointment, tasks and position of a Cyber security manager

Assessment of conformity (Belgium)

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

39: Conformité et audits

NIS2 Belgium

See all related requirements and other information from tasks own page.

Go to >

Assessment of conformity (Belgium)

Documentation of organization's dependencies on external resources

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

GV.OC-05: Organizational dependencies on outcomes and services

NIST 2.0

§ 4-2: Vurdering av risiko

Sikkerhetsloven

§ 7: Risikovurdering

NIS2 NO

See all related requirements and other information from tasks own page.

Go to >

Documentation of organization's dependencies on external resources

Strategic directions of risk response options

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

GV.RM-04: Strategic direction of risk response options

NIST 2.0

See all related requirements and other information from tasks own page.

Go to >

Strategic directions of risk response options

Identify the organisation's strategy and priorities

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

1.1.1: Identify the organisation’s strategy and priorities

NSM ICT-SP

See all related requirements and other information from tasks own page.

Go to >

Identify the organisation's strategy and priorities

Implementing a crisis response strategy

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

RC.CO-2: Reputation is repaired after an incident.

CyberFundamentals

4.3.5: Co-ordinate and communicate with internal and external stakeholders while managing the incident

NSM ICT-SP

4.3.2: Determine whether the incident is under control and take the necessary reactive measures

NSM ICT-SP

30 § 1°: Gestion des risques et maîtrise des incidents

NIS2 Belgium

30 § 3.3°: La continuité et la gestion des crises

NIS2 Belgium

See all related requirements and other information from tasks own page.

Go to >

Implementing a crisis response strategy

Recognizing and listing sensitive work fields and jobs

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

2.1.1: Competence of employees

TISAX

See all related requirements and other information from tasks own page.

Go to >

Recognizing and listing sensitive work fields and jobs

Description of cyber security structure

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

1.2.2: Information Security Responsibilities

TISAX

14.3: Alocarea resurselor și desemnarea responsabililor de securitate

NIS2 Romania

§ 9: Organisatoriske sikkerhetstiltak

NIS2 NO

See all related requirements and other information from tasks own page.

Go to >

Description of cyber security structure

Monitoring and analysing effectiveness of digital operational resilience strategy

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Article 13: Learning and evolving

DORA

See all related requirements and other information from tasks own page.

Go to >

Monitoring and analysing effectiveness of digital operational resilience strategy

Learning from testing operational resilience

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Article 13: Learning and evolving

DORA

RC.IM-1: Recovery plans incorporate lessons learned.

CyberFundamentals

ID.IM-02: Improvements from security tests and exercises

NIST 2.0

Art. 13.6: Organisation des exercices et mise à jour de l'P.S.E.

Loi infrastructures critiques

13.1.d: Recovering from incidents

CER

See all related requirements and other information from tasks own page.

Go to >

Learning from testing operational resilience

Adequate security principles of the organisation in terms of classified information

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

T-01: SUPPORT FROM THE MANAGEMENT, GUIDANCE, RESPONSIBILITIES – SECURITY PRINCIPLES

Katakri 2020

§ 2.4: Personalsäkerhetsskyddsåtgärder

SSL

See all related requirements and other information from tasks own page.

Go to >

Adequate security principles of the organisation in terms of classified information

Defining security roles and responsibilities

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

T02: Turvallisuustyön tehtävien ja vastuiden määrittäminen

Katakri

24. Responsibility of the controller

GDPR

6.1.1: Information security roles and responsibilities

ISO 27001

ID.AM-6: Cybersecurity roles and responsibilities

NIST

ID.GV-2: Cybersecurity role coordination

NIST

See all related requirements and other information from tasks own page.

Go to >

Defining security roles and responsibilities

Amount, competence and adequacy of key cyber security personnel

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

T03: Turvallisuustyön resurssit

Katakri

32. Security of processing

GDPR

37. Designation of the data protection officer

GDPR

6.1.1: Information security roles and responsibilities

ISO 27001

ID.GV-2: Cybersecurity role coordination

NIST

See all related requirements and other information from tasks own page.

Go to >

Amount, competence and adequacy of key cyber security personnel

Management commitment to cyber security management and management system

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Članak 29.a: Upravljanje

NIS2 Croatia

1.1.1: Availability of information security policies

TISAX

31 § 1°: Approbation des mesures de gestion des risques de cybersécurité

NIS2 Belgium

PR.AT-4: Senior executives understand their roles and responsibilities.

CyberFundamentals

ID.GV-1: Organizational cybersecurity policy is established and communicated.

CyberFundamentals

See all related requirements and other information from tasks own page.

Go to >

Management commitment to cyber security management and management system

Incident management resourcing and monitoring

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

24. Responsibility of the controller

GDPR

7.2.1: Management responsibilities

ISO 27001

16.1.1: Responsibilities and procedures

ISO 27001

5.24: Information security incident management planning and preparation

ISO 27001

Article 17: ICT-related incident management process

DORA

See all related requirements and other information from tasks own page.

Go to >

Incident management resourcing and monitoring

General security competence and awareness of personnel

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Članak 29.b: Osposobljavanja

NIS2 Croatia

10 §: Johdon vastuu

Kyberturvallisuuslaki

2.1.3: Staff training

TISAX

2.1.1: Competence of employees

TISAX

31 § 2°: Formation des cadres supérieurs à la cybersécurité

NIS2 Belgium

See all related requirements and other information from tasks own page.

Go to >

General security competence and awareness of personnel

Defining and documenting cyber security metrics

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Članak 30.1.f: Politike i postupke za procjenu djelotvornosti mjera upravljanja kibernetičkim sigurnosnim rizicima

NIS2 Croatia

4.1: Tietojärjestelmien tietoturvallisuus

TiHL tietoturvavaatimukset

9.1 §: Toimien vaikuttavuuden arviointi

Kyberturvallisuuslaki

13 §: Tietoaineistojen ja tietojärjestelmien tietoturvallisuus

TiHL

30 § 3.6°: L'efficacité des mesures de gestion des risques

NIS2 Belgium

See all related requirements and other information from tasks own page.

Go to >

Defining and documenting cyber security metrics

Implementation and documentation of management reviews

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

9.3: Management review

ISO 9001

Članak 29.a: Upravljanje

NIS2 Croatia

Članak 30.1.f: Politike i postupke za procjenu djelotvornosti mjera upravljanja kibernetičkim sigurnosnim rizicima

NIS2 Croatia

10 §: Johdon vastuu

Kyberturvallisuuslaki

1.2.1: Scope of Information Security management

TISAX

See all related requirements and other information from tasks own page.

Go to >

Implementation and documentation of management reviews

Communication plan for information security management system

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

Članak 29.a: Upravljanje

NIS2 Croatia

31 § 1°: Approbation des mesures de gestion des risques de cybersécurité

NIS2 Belgium

2.10.1: Include security in the organisation’s change management process

NSM ICT-SP

RC.CO-2: Reputation is repaired after an incident.

CyberFundamentals

ID.GV-1: Organizational cybersecurity policy is established and communicated.

CyberFundamentals

See all related requirements and other information from tasks own page.

Go to >

Communication plan for information security management system

Continuous improvement and documentation

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

1.5.2: External review of ISMS

TISAX

30 § 6°: Non-conformités et mesures correctives

NIS2 Belgium

PR.IP-7: Protection processes are improved.

CyberFundamentals

ID.GV-1: Organizational cybersecurity policy is established and communicated.

CyberFundamentals

PR.IP-7: Protection processes

NIST

See all related requirements and other information from tasks own page.

Go to >

Continuous improvement and documentation

Archiving and retaining outdated security documentation

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

A.10.2: Retention period for administrative security policies and guidelines

ISO 27018

See all related requirements and other information from tasks own page.

Go to >

Archiving and retaining outdated security documentation

Segregation of information security related duties

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

6.1.2: Segregation of duties

ISO 27001

ID.RA-3: Threat identification

NIST

PR.AC-4: Access permissions and authorizations

NIST

PR.DS-5: Data leak protection

NIST

HAL-02.1: Tehtävät ja vastuut - tehtävien eriyttäminen

Julkri

See all related requirements and other information from tasks own page.

Go to >

Segregation of information security related duties

Security roles, responsibilities, and objectives derived from the organization's goals

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

ID.BE-3: Organizational mission, objectives, and activities

NIST

69: Digiturvan huomiointi osana kokonaisuutta

Digiturvan kokonaiskuvapalvelu

ID.BE-3: Priorities for organizational mission, objectives, and activities are established and communicated.

CyberFundamentals

GV.RR-02: Roles and responsibilities in cybersecurity risk management

NIST 2.0

GV.OC-01: Cybersecurity risk management aligned with the organizational mission

NIST 2.0

See all related requirements and other information from tasks own page.

Go to >

Security roles, responsibilities, and objectives derived from the organization's goals

Kasautumisvaikutuksen huomiointi suojattavien kohteiden luokittelussa

Critical

High

Normal

Low

Cyber security management

requirements

Examples of other requirements this task affects

HAL-04.3: Suojattavat kohteet - kasautumisvaikutus

Julkri

2.4: Luokittelu ja turvallisuusluokittelu

TiHL tietoturvavaatimukset

See all related requirements and other information from tasks own page.

Go to >

Kasautumisvaikutuksen huomiointi suojattavien kohteiden luokittelussa

Maintaining chosen theme-specific policy documents

Task description

Maintaining chosen theme-specific policy documents

Requirements connected to the task

Other tasks from the same security theme

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects

Examples of other requirements this task affects