Title 2 – Further harmonisation of ICT risk management tools, methods, processes, and policies in accordance with Article 15 of Regulation (EU) 2022/2554
Chapter 1 – ICT Security policies, procedures, protocols, and tools
Section 1
Article 2– General elements of ICT security policies, procedures, protocols, and tools
Section 2
Article 3– ICT risk management
Section 3 – ICT asset management
Article 4– ICT asset management policy
Article 5– ICT asset management procedure
Section 4 – Encryption and cryptography
Article 6– Encryption and cryptographic controls
Article 7– Cryptographic key management
Section 5 – ICT operations security
Article 8– Policies and procedures for ICT operations
Article 9– Capacity and performance management
Article 10– Vulnerability and patch management
Article 11– Data and system security
Article 12– Logging
Section 6 – Network security
Article 13– Network security management
Article 14– Securing information in transit
Section 7 – ICT project and change management
Article 15– ICT project management
Article 16– ICT systems acquisition, development, and maintenance
Article 17– ICT change management
Section 8
Article 18– Physical and environmental security
Chapter 2 – Human resources policy and access control
Chapter 3 – ICT-related incident detection and response
Article 22– ICT-related incident management policy
Article 23– Anomalous activities detection and criteria for ICT-related incidents detection and response
Chapter 4 – ICT business continuity management
Article 24– Components of the ICT business continuity policy
Article 25– Testing of the ICT business continuity plans
Article 26– ICT response and recovery plans
Chapter 5 – Report on the ICT risk management framework review
