The minimum ICT security measures issued by AgID aim at countering the most frequent cyber threats to the Italian public administration.
As of 31 December 2017, the percentage of PAs that have aligned themselves with the required measures can be verified on the dedicated dashboard.
What do the security measures consist in
The measures consist in technological, organisational and procedural controls, with three levels of implementation.
level 1: mandatory for every public administration
level 2: The minimum level is mandatory for each public administration
The subsequent levels require more complete protection systems. They concern organisations that are most exposed to risks due to the critical nature of the information processed or services provided.
The minimum measures also foresees public administrations’ access to early warning services to keep up- with new security vulnerabilities. In this regard, CERT-PA provides information services to all accredited administrations.
The organisation, innovation and technologies manager (or a designated manager) is responsible for upgrading the security measures, as indicated in the DAC (Digital Administration Code (art. *** ).The executive manager responsible for the implementation of the measures must fill in and digitally sign the "Implementation form" attached to the Circular.
Regulatory references above in Link section