The ICT minimum security measures are practical guidelines established by the Agency for Digital Italy (AgID) to improve the cybersecurity of public administrations. These measures include technological, organizational, and procedural controls to counter the most common cybersecurity threats.
- Provide a directly usable operational reference (checklist).
- Establish a common baseline of essential technical and organizational measures.
- Verify the protection status against cybersecurity threats.
- Outline a path for continuous improvement.
- Make administrations aware of the need to maintain an adequate level of cybersecurity protection.
The ICT minimum security measures apply to all Italian public administrations, regardless of their nature and size. Each administration must comply with at least the minimum level of measures.
The minimum measures are divided into three implementation levels:
- Minimum: The basic level that every administration must comply with.
- Standard: A higher level that represents the majority of Italian public administrations.
- High: For organizations most exposed to risks, but also as a target for improvement for all others.
The minimum ICT security measures came into effect for all public administrations on December 31, 2017.