← Frameworks / Financial Regulation

Bank of Ghana Cyber and Information Security Directive

Comprehensive 131-page directive mandating cybersecurity requirements for all banks, specialised deposit-taking institutions, payment systems, and fintech companies in Ghana. 20 sections covering governance, risk management, audit, asset management, cyber defence, incident response, access control, electronic banking, cyber exercises, external connections, cloud services, physical security, HR management, contractual requirements, ISMS/ISO 27001 certification, business continuity, compliance, and secure development. Requires mandatory ISO 27001 certification.

Clauses: 20

Avg Coverage: 74.9%

Publisher: Bank of Ghana (BoG) Version: 2018

BoG CISD → SP 800-53 SP 800-53 → BoG CISD Coverage Analysis

Clause	Title	SP 800-53 Controls
CISD-BCM	Business Continuity Management	CP-01 CP-02 CP-03 CP-04 CP-06 CP-07 CP-08 CP-09 CP-10 CP-11 CP-12 CP-13 SC-24 SI-13 SI-17 PM-08 PM-11
CISD-COMP	Compliance, Reporting and Regulatory Obligations	CA-01 CA-02 CA-03 CA-05 CA-06 CA-07 PM-04 PM-06 PM-10 PL-01 PL-02 PL-04 AU-01 AU-11 AU-16 IR-06
CISD-I	Overview, Scope and Applicability	PM-01 PM-02 PM-03 PM-09 PM-10 PM-11 PL-01 PL-02 PL-04 PL-07
CISD-II	Governance	PM-01 PM-02 PM-03 PM-09 PM-13 PM-14 PM-28 PM-29 PS-09 PL-09 CA-01 CA-06 CA-07
CISD-III	Risk Management	PM-09 PM-28 RA-01 RA-02 RA-03 RA-04 RA-07 RA-08 RA-09 PL-10 PL-11 CA-05 CA-07 PM-04
CISD-ISMS	ISMS and ISO 27001 Certification	PM-01 PM-02 PM-03 PM-09 PM-10 PL-01 PL-02 PL-08 CA-01 CA-02 CA-05 CA-06 CA-07 RA-01 RA-03
CISD-IV	Internal Audit	CA-01 CA-02 CA-05 CA-06 CA-07 PM-04 PM-06 PM-14 AU-01 AU-06
CISD-IX	Electronic Banking Services	AC-02 AC-03 AC-17 IA-01 IA-02 IA-03 IA-05 IA-08 IA-12 SC-07 SC-08 SC-13 SC-23 SA-03 SA-04 SA-08 SA-11 SI-10 SI-11
CISD-SDLC	System Acquisition, Development and Maintenance	SA-01 SA-02 SA-03 SA-04 SA-05 SA-08 SA-09 SA-10 SA-11 SA-15 SA-16 SA-17 SA-20 SA-21 CM-14 SI-10 SI-11 SI-15
CISD-V	Asset Management	CM-08 CM-09 CM-12 CM-13 MP-01 MP-02 MP-03 MP-04 MP-05 MP-06 MP-07 PM-05 SC-28 AC-16
CISD-VI	Cyber Defence	SC-01 SC-02 SC-03 SC-04 SC-05 SC-07 SC-08 SC-12 SC-13 SC-17 SC-20 SC-21 SC-22 SC-28 SC-39 SC-40 SC-41 CM-01 CM-02 CM-03 CM-05 CM-06 CM-07 SI-02 SI-03 SI-04 SI-07 SI-16 RA-05
CISD-VII	Cyber Response	IR-01 IR-02 IR-03 IR-04 IR-05 IR-06 IR-07 IR-08 IR-09 SI-04 AU-02 AU-03 AU-04 AU-05 AU-06 AU-07 AU-08 AU-09 AU-12 CA-07 PM-16
CISD-VIII	Employee Access to ICT Systems	AC-01 AC-02 AC-03 AC-04 AC-05 AC-06 AC-07 AC-08 AC-10 AC-11 AC-12 AC-14 AC-17 AC-19 AC-20 AC-21 AC-22 IA-01 IA-02 IA-04 IA-05 IA-06 IA-08 IA-11 SC-08 SC-07
CISD-X	Cyber Exercises	IR-03 CP-04 CA-08 PM-14 AT-02 AT-03 RA-05 RA-06
CISD-XI	External Connections	AC-17 AC-20 AC-04 CA-03 CA-09 SC-07 SC-08 SC-13 SA-09 SR-01 SR-02 SR-03
CISD-XII	Cloud Services	SA-04 SA-09 SR-01 SR-02 SR-03 SR-05 AC-20 SC-07 SC-08 SC-28 CM-12 CM-13 CP-06 CP-07
CISD-XIII	Banks with International Affiliation	PM-09 PM-11 PM-12 AC-04 AC-20 CA-03 SA-09 SC-07 SC-08 PL-08
CISD-XIV	Physical Security	PE-01 PE-02 PE-03 PE-04 PE-05 PE-06 PE-07 PE-08 PE-09 PE-10 PE-11 PE-12 PE-13 PE-14 PE-15 PE-16 PE-17 PE-18
CISD-XV	Human Resource Management	PS-01 PS-02 PS-03 PS-04 PS-05 PS-06 PS-07 PS-08 PS-09 AT-01 AT-02 AT-03 AT-04 AT-06 PM-12 PM-13
CISD-XVI	Contractual Aspects	SA-04 SA-09 SA-22 SR-01 SR-02 SR-03 SR-05 SR-06 PM-30 PM-31 PM-32 PS-07