Minimum ICT Security Measures for Public Administrations

by Francesco Ongaro, 07/12/2020

Who is Concerned

Since December 31, 2017, as indicated in the Digital Administration Code (CAD - art. 17), there is an obligation for public administrations to maintain minimum security standards related to IT infrastructures. Therefore, all public administrations are required to comply with the minimum IT security measures developed by AgID.

Depending on the type of public administration, it may be necessary to demonstrate compliance with different ICT security standards. However, it is mandatory for all public administrations to complete a form certifying the adoption of minimum IT security measures.

What They Are and What They Consist Of

The implementation of the regulation implies that there are technological, organizational, and procedural controls dedicated to public administrations. These controls aim to define a methodological standard to facilitate the assessment of the IT security level of public administrations. For a public administration to be compliant, it is necessary to adopt the minimum ICT security measures for public administrations.

Depending on the IT system and function of the public administration, the minimum IT security measures can be implemented following three levels of implementation progressively.

Blue Team

Minimum

Compliance with these measures ensures conformity with the regulation.

Every public administration must necessarily adopt the security measures related to this level. This level is sub-optimal and should be considered temporary.

Standard

Compliance with the security measures of the standard level is considered a basis for having concrete IT security.

Most public administrations should achieve the standards of this security level.

Advanced

The security measures of the advanced level should be seen as a cue to improve the existing security of all organizations and are recommended for public administrations particularly exposed to risks.

Adhering to the ICT security guidelines in public administrations and completing the implementation form by the head of the structure for organization, innovation, and technologies or the appointed manager becomes the responsibility of the public administrations.

Conclusions

ISGroup, thanks to its team of IT security experts, will be able to help public administrations understand the minimum ICT security measures, comply with them, and complete the implementation form; bringing the public administration from a state of non-compliance to full compliance.

Request more information about this

Or call us at
(+39) 045 4853232

Author
author
Francesco Ongaro
Founder @ ISGroup SRL, Hacker, CEH, ISO 27001 LA
Tags
Agid Acn, Best Practice
Social
Request more information about this

Or call us at
(+39) 045 4853232

Recent Posts

Visit the blog

Popular Tags

Publications

A brief collection of publications, materials and presentations that our staff members produced and presented during their career.

This is a demonstration that IT Security is not just a profession for us but also a great passion.

Our publications

Research

Research is a fascinating activity that puts the computer security expert always against scenarios and challenges. For years, even through our non-commercial embodiment, ush.it - a beautiful place, we dedicated ourselves to the publication of advisories, exploit development and bug hunting.

Our researches

Certification and Training

Thanks to the experience gained during technical activities performed so far, the results of our research and our knowledge of IT Security issues and solutions, we are able to provide different training paths for those who are in position to execute offensive (auditor, penetration tester) or defensive (network administrators, developers) activities.

The Training

ISGroup SRL
Via Cantarane, 14
37129 Verona VR
CF e P.IVA 04164220230
REA VR-397513

Contacts

Certified company ISO 9001 and ISO 27001

Cybersecurity made in Italy

© 2005-2025 ISGroup SRL. All Rights Reserved.

Sitemap  Privacy Policy  Cookie Policy

IQNET Certification ISO/IEC 27001:2022 Certification ISO/IEC 9001:2015 Certification

🎉 We want to talk to you! Book an appointment!