← Frameworks / Financial Regulation

Central Bank of Bahrain Technology Module

Mandatory technology governance and cybersecurity requirements for all CBB-licensed financial institutions in Bahrain. 16 sections covering board oversight, IT governance, information security, risk management, operations, access control, application and network security, data security, physical security, vulnerability management, SOC, incident response, BCM/DR, third-party management, and regulatory reporting.

Clauses: 16

Avg Coverage: 79.6%

Publisher: Central Bank of Bahrain (CBB) Version: 2023

CBB TM → SP 800-53 SP 800-53 → CBB TM Coverage Analysis

Clause	Title	SP 800-53 Controls
TM-1	Board and Senior Management Oversight	PM-01 PM-02 PM-03 PM-09 PM-29 PS-09 PL-09
TM-2	IT Governance	PM-01 PM-07 PM-08 PM-09 PM-11 PM-28 PL-01 PL-02 PL-07 PL-08 PL-09 RA-01
TM-3	Information Security	PL-01 PL-02 PL-08 PL-09 PM-01 PM-02 PM-09 PM-13 PM-14 PM-28 AT-01 AT-02 AT-03 AT-06 PM-15 PM-16
TM-4	IT Risk Management	PM-09 PM-28 RA-01 RA-02 RA-03 RA-04 RA-05 RA-07 RA-09 PL-09 PL-10 PL-11 CA-05 PM-04
TM-5	IT Operations Management	CM-01 CM-02 CM-03 CM-04 CM-05 CM-06 CM-09 SI-02 SI-13 IR-04 CA-07 AU-04 SA-02 SC-06
TM-6	Access Control	AC-01 AC-02 AC-03 AC-04 AC-05 AC-06 AC-07 AC-08 AC-10 AC-11 AC-12 AC-13 AC-14 AC-16 AC-17 AC-18 AC-19 AC-20 AC-24 AC-25 IA-01 IA-02 IA-03 IA-04 IA-05 IA-06 IA-07 IA-08 IA-10 IA-11 IA-12 PS-04 PS-05
TM-7	Application Security	SA-03 SA-04 SA-08 SA-10 SA-11 SA-15 SA-16 SA-17 SA-20 SA-21 CM-04 CM-14 SI-10 SI-11
TM-8	Network Security	SC-01 SC-02 SC-03 SC-05 SC-07 SC-08 SC-10 SC-20 SC-21 SC-22 SC-23 SC-32 SC-39 SC-40 SC-41 SC-44 SI-03 SI-04 AC-04 AC-17 AC-18
TM-9	Data Security	AC-15 AC-16 CM-12 CM-13 MP-01 MP-02 MP-03 MP-04 MP-05 MP-06 MP-07 MP-08 RA-02 SC-08 SC-12 SC-13 SC-28 SI-12 SI-19 PT-02 PT-03
TM-10	Physical Security	PE-01 PE-02 PE-03 PE-04 PE-05 PE-06 PE-07 PE-08 PE-09 PE-10 PE-11 PE-12 PE-13 PE-14 PE-15 PE-17 PE-18 PE-20 PE-23
TM-11	Vulnerability Management and Patch Management	RA-05 RA-07 RA-10 SI-02 SI-05 CA-05 CM-03 CM-04 PM-04 PM-16
TM-12	Cybersecurity Operations Centre	SI-04 AU-02 AU-03 AU-04 AU-05 AU-06 AU-07 AU-08 AU-09 AU-10 AU-11 AU-12 AU-14 AU-16 CA-07 IR-04 PM-16 RA-10 SC-26 SC-44
TM-13	Incident Response	IR-01 IR-02 IR-03 IR-04 IR-05 IR-06 IR-07 IR-08 IR-09 AU-06 PM-16 SI-04 SI-05
TM-14	Business Continuity and Disaster Recovery	CP-01 CP-02 CP-03 CP-04 CP-05 CP-06 CP-07 CP-08 CP-09 CP-10 CP-11 CP-12 CP-13 PM-08 PM-11 RA-09 SC-24 SI-17
TM-15	Third Party Management	SA-04 SA-09 SA-21 SA-22 SR-01 SR-02 SR-03 SR-04 SR-05 SR-06 SR-07 SR-08 SR-10 SR-11 PS-07 RA-03 RA-09 CM-12 CM-13 AC-20
TM-16	Regulatory Reporting	IR-06 CA-02 CA-05 CA-07 AU-01 AU-06 PM-06 PM-14