Description
Address information security and privacy issues in the development of a critical infrastructure and key resources protection plan.
Supplemental Guidance
Protection strategies are based on the prioritization of critical assets and resources. The requirement and guidance for defining critical infrastructure and key resources and for preparing an associated critical infrastructure protection plan are found in applicable laws, executive orders, directives, policies, regulations, standards, and guidelines.
Changes from Rev 4
Privacy added. Related controls updated.
Compliance Mappings
ISO 27001:2022
4.14.2
ISO 27002:2022
5.31
COBIT 2019
APO02
NIST CSF 2.0
GV.OC-01, GV.OC-02, GV.OC-04, GV.OC-05
PRA Operational Resilience
SS1/21-3.1
BIO2
5.31
RBI CSF
ITGRCA.4
LGPD + BCB 4893
BCB.Art.11, BCB.Art.16
HKMA TM-E-1
TME1.2.2, TME1.6.1
DNB Good Practice
DNB.11.1, DNB.4.1
NCA ECC
1-13-1
UAE IA
T12
CBB TM
TM-14, TM-2
Qatar NIA
BC
CBUAE
CR-13
CBE CSF
OVM-2
SA JS2
JS2-7.5
CBN CSF
Part3.7
BoG CISD
CISD-BCM
CPMI-IOSCO PFMI
CG.RR, PFMI.P17, PFMI.P3
FFIEC IS
II.A
NYDFS 500
500.9
HIPAA Security Rule
§164.308(b)(1), §164.314(a)(1), §164.314(b)(1)
ECB CROE
CROE.2.2.3, CROE.2.5.2, CROE.2.5.3
SEBI CSCRF
BCP-DR, CCMP, GV.OC
CBEST
CBEST.3
TIBER-EU
TIBER.XB
Common Criteria
CCRA
Solvency II
Art.44(2), DR.266
Lloyd's Minimum Standards
MS9.1
NAIC Insurance Data Security
4A
FCA SYSC 13
SYSC 13.5.2
HITRUST CSF v11
06.a, 12.a
ISO 27799
17.1
NHS DSPT
NDG-7.1