Publication of Security Measures Framework
Within the context of the implementation of the EU NIS Directive and the relevant national harmonised legislation, Operators of Essential Services (OES) and Critical Information Infrastructures (CIIs) are obliged to take appropriate technical and organisational measures for the optimum resilience of their systems and to protect the confidentiality, integrity, availability and authenticity of the services that they offer. These operators are all those that offer essential services to Cyprus society, for example in the sectors of energy, transport, banking, financial market infrastructures, drinking water, health and digital services.
As such, the DSA has published relevant secondary legislation for security measures that OES and CIIs need to implement, covering a risk identification and management approach in a comprehensive manner. This legislation also contains a package of controls in the areas of governance, infrastructure protection and recovery from incidents, which can be enriched with specific obligations for the optimum security of the services offered by these entities. The included measures are based on international standards and best practices, such as the ISO/IEC 27001, ISO/IEC 27002, NIST SP 800-53 standards and the NIS Cooperation Group, in which the DSA is actively participating.
In order to better inform the OES and CIIs, the DSA is planning an informational event on 12 January 2021, where the security measures framework included in the legislation will be presented in detail, as well as details on the expected implementation of the framework by the stakeholders involved.