← Frameworks / Financial Regulation

Central Bank of Egypt Financial Cybersecurity Framework

Mandatory cybersecurity framework for all banks, financial institutions, and payment service providers regulated by the Central Bank of Egypt. 5 functions (governance, risk management, technology and operations, cyber defence, outsourcing and vendor management) across 23 domains covering leadership, compliance, asset management, IAM, data protection, cryptography, application security, network security, SOC, incident management, and business resilience. Built on NIST CSF, ISO 27001, and SWIFT CSCF.

Clauses: 23

Avg Coverage: 79.0%

Publisher: Central Bank of Egypt (CBE) Version: 2022

CBE CSF → SP 800-53 SP 800-53 → CBE CSF Coverage Analysis

Clause	Title	SP 800-53 Controls
CD-1	Security Operations, Threat Intelligence, and Insider Threat	SI-04 SI-05 AU-02 AU-03 AU-04 AU-05 AU-06 AU-07 AU-08 AU-09 AU-12 AU-13 AU-14 CA-07 PM-16 RA-03 RA-10 SC-26 SC-44 PM-12 PM-14 PS-02 PS-03 PS-04 PS-06 PS-08 AC-02 AC-05 AC-06 PE-06
CD-2	Incident Management	IR-01 IR-02 IR-03 IR-04 IR-05 IR-06 IR-07 IR-08 IR-09
CRM-1	Risk Assessment and Management	PM-09 PM-28 RA-01 RA-02 RA-03 RA-04 RA-05 RA-07 RA-09 PL-10 PL-11 CA-05
CRM-2	Asset Management	CM-08 CM-09 CM-12 CM-13 PM-05 RA-02 RA-09 SC-07 SA-22
CTO-1	Identity and Access Management	AC-01 AC-02 AC-03 AC-04 AC-05 AC-06 AC-07 AC-08 AC-10 AC-11 AC-12 AC-14 AC-17 AC-19 AC-20 AC-24 IA-01 IA-02 IA-03 IA-04 IA-05 IA-06 IA-08 IA-09 IA-11 IA-12
CTO-2	Data Protection and Privacy	MP-01 MP-02 MP-03 MP-04 MP-05 MP-06 MP-07 SC-08 SC-13 SC-28 CM-12 PT-01 PT-02 PT-03 PT-04 PT-05 PT-06 PT-07 PT-08 AC-04 AC-16 AC-23 SI-12
CTO-3	Cryptography	SC-12 SC-13 SC-08 SC-17 SC-28 SC-40 IA-07
CTO-4	Application Security	SA-03 SA-04 SA-08 SA-10 SA-11 SA-15 SA-16 SA-17 SA-20 SA-21 CM-14 SI-10 SI-11 SI-15
CTO-5	Digital Channels Security	SC-07 SC-08 SC-13 SC-23 AC-03 AC-04 AC-17 IA-02 IA-05 IA-08 SI-10 AU-02 AU-03
CTO-6	Network Security	SC-07 SC-05 SC-08 SC-20 SC-21 SC-22 SC-39 SC-41 SC-44 AC-04 AC-17 AC-18 CM-06 CM-07 SI-04
CTO-7	Endpoint Security	SC-41 SI-03 SI-04 SI-07 SI-16 CM-02 CM-03 CM-06 CM-07 CM-10 CM-11 AC-19
CTO-8	Email Security	SC-07 SC-08 SI-03 SI-04 SI-08 AT-02 AC-04
CTO-9	Vulnerability and Patch Management	RA-05 RA-06 SI-02 SI-05 CM-03 CM-04 SA-22 PM-16
CTO-10	Physical and Environmental Security	PE-01 PE-02 PE-03 PE-04 PE-05 PE-06 PE-07 PE-08 PE-09 PE-10 PE-11 PE-12 PE-13 PE-14 PE-15 PE-17 PE-18 MA-01 MA-02 MA-03 MA-04 MA-05 MA-06
CTO-11	Cloud Security	AC-20 SA-04 SA-09 CA-03 CA-09 SC-07 PM-30 PM-31 SR-01 SR-03
CTO-12	Change Management	CM-01 CM-02 CM-03 CM-04 CM-05 CM-06 CM-09 SA-10
GOV-1	Leadership, Governance, and Strategy	PM-01 PM-02 PM-03 PM-09 PM-10 PM-11 PM-13 PM-28 PM-29 PL-01 PL-02 PL-08 PL-09 PL-10 PL-11 PS-09
GOV-2	Cybersecurity Roles, Responsibilities, and HR Security	PM-02 PM-13 PM-29 PS-01 PS-02 PS-03 PS-04 PS-05 PS-06 PS-07 PS-08 PS-09
GOV-3	Compliance and Regulatory Reporting	CA-01 CA-02 CA-03 CA-05 CA-06 CA-07 PM-04 PM-06 PM-10 PM-15 PL-01 PL-02 PL-04
GOV-4	Security Awareness and Training	AT-01 AT-02 AT-03 AT-04 AT-05 AT-06 PM-13 PM-15
OVM-1	Outsourcing and Vendor Management	PM-30 PM-31 PM-32 SA-04 SA-09 SA-21 SA-22 SR-01 SR-02 SR-03 SR-05 SR-06
OVM-2	Business Resilience	CP-01 CP-02 CP-03 CP-04 CP-06 CP-07 CP-08 CP-09 CP-10 CP-11 CP-12 CP-13 SC-24 SI-13 SI-17 PM-08 PM-11
OVM-3	Cybersecurity Testing	CA-02 CA-07 CA-08 CA-09 RA-05 RA-06 PM-14 RA-09