What is the importance of Decree-Law No. 65/2021?
Decree-Law N.º65/2021, approved by the Council of Ministers, responds to the need to establish rules on security requirements for networks and information systems directly connected to the internet and for incident reporting, provided for in Law N.º46/2028.
Decree-Law n.º65/2021,has as scope of applicability the Public Administration, operators of critical infrastructures, operators of essential services and digital service providers, foreseen in sub-paragraphs a) to d) of paragraph 1 of article 2 of the Legal Framework for Cyberspace Security (Law n.º 46/2018).
Requirements of Decree-Law No. 65/2021
- Identify and inform the CNCS of the Permanent Point of Contact
- Identify and communicate to the CNCS the Security Officer
- Inventory all essential assets and communicate the list of assets to the CNCS
- Perform a Risk Analysis of the assets that ensure the continuity of the operation of networks and information systems and the provision of services
- Elaborate and keep updated a Security Plan
- Notify the CNCS of all incidents with relevant or substantial impact
- Prepare an annual report with a description of the activities carried out, information and statistics on incidents and recommendations for improvement.