Qatar National Information Assurance Policy v2.0
Mandatory information assurance policy for all Qatar government entities and critical infrastructure operators. 11 security domains modeled on ISO 27001 and NIST 800-53 with a 3-tier classification system (Basic, Advanced, Critical). Covers governance, risk management, asset management, HR security, physical security, communications, operations, access control, systems development, incident management, and business continuity.
| Clause | Title | SP 800-53 Controls |
|---|---|---|
| AC | Access Control | |
| AM | Asset Management | |
| BC | Business Continuity | |
| CS | Communications Security | |
| GV | Information Security Governance | |
| HR | Human Resources Security | |
| IM | Incident Management | |
| OS | Operations Security | |
| PS | Physical Security | |
| RM | Risk Management | |
| SD | Systems Development and Maintenance |