National Information Technology Authority of Uganda (NITA-U) has developed a National Information Security Framework (NISF) whose purpose is to serve as a conceptual structure for guiding information security activities in Uganda.
The NISF shall present a common approach for addressing information security issues both within and outside the Government of Uganda (GoU). It aims to help secure the information and other assets that enable the GoU to conduct its operations by using a multi-layered structure, which describes mandatory security activities, roles, responsibilities and their relationships.
The mandatory security requirements apply to all stakeholders irrespective of their functions.
However, as a risk-management driven framework, the NISF requires the stakeholders to assure their Accounting Officers, and NITA-U that the security measures implemented appropriately address the peculiar threats, risks and vulnerabilities which their operations face.
In particular, the NISF shall assist in:
I. Focusing on information security outcomes rather than activities;
II. Improving understanding of information security roles and responsibilities; and
III. Enabling human and institutional information security / cyber security capacity building.
The National Information Security Framework (NISF) contains an Executive handbook , a National Information Security Policy, Security standards such as Technical Risk Assessment, Risk Management and Accreditation, Security Classification, Personnel Security, Physical Security and Incident Management. It also includes an Implementation guide.
This framework is one of the outputs from the National Information Security Strategy which is the overall National strategy for Information Security.