Commission Delegated Regulation (EU) 2024/1774 of 13 March 2024 supplementing Reg... (32024R1774)
CONTENTS
Commission Delegated Regulation (EU) 2024/1774 of 13 March 2024 supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying ICT risk management tools, methods, processes, and policies and the simplified ICT risk management framework
- COMMISSION DELEGATED REGULATION (EU) 2024/1774
- of 13 March 2024
- supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying ICT risk management tools, methods, processes, and policies and the simplified ICT risk management framework
- (Text with EEA relevance)
- TITLE I
- GENERAL PRINCIPLE
- Article 1
- Overall risk profile and complexity
- TITLE II
- FURTHER HARMONISATION OF ICT RISK MANAGEMENT TOOLS, METHODS, PROCESSES, AND POLICIES IN ACCORDANCE WITH ARTICLE 15 OF REGULATION (EU) 2022/2554
- CHAPTER I
- ICT Security policies, procedures, protocols, and tools
- Section 1
- Article 2
- General elements of ICT security policies, procedures, protocols, and tools
- Section 2
- Article 3
- ICT risk management
- Section 3
- ICT asset management
- Article 4
- ICT asset management policy
- Article 5
- ICT asset management procedure
- Section 4
- Encryption and cryptography
- Article 6
- Encryption and cryptographic controls
- Article 7
- Cryptographic key management
- Section 5
- ICT operations security
- Article 8
- Policies and procedures for ICT operations
- Article 9
- Capacity and performance management
- Article 10
- Vulnerability and patch management
- Article 11
- Data and system security
- Article 12
- Logging
- Section 6
- Network security
- Article 13
- Network security management
- Article 14
- Securing information in transit
- Section 7
- ICT project and change management
- Article 15
- ICT project management
- Article 16
- ICT systems acquisition, development, and maintenance
- Article 17
- ICT change management
- Section 8
- Article 18
- Physical and environmental security
- CHAPTER II
- Human resources policy and access control
- Article 19
- Human resources policy
- Article 20
- Identity management
- Article 21
- Access control
- CHAPTER III
- ICT-related incident detection and response
- Article 22
- ICT-related incident management policy
- Article 23
- Anomalous activities detection and criteria for ICT-related incidents detection and response
- CHAPTER IV
- ICT business continuity management
- Article 24
- Components of the ICT business continuity policy
- Article 25
- Testing of the ICT business continuity plans
- Article 26
- ICT response and recovery plans
- CHAPTER V
- Report on the ICT risk management framework review
- Article 27
- Format and content of the report on the review of the ICT risk management framework
- TITLE III
- SIMPLIFIED ICT RISK MANAGEMENT FRAMEWORK FOR FINANCIAL ENTITIES REFERRED TO IN ARTICLE 16(1) OF REGULATION (EU) 2022/2554
- CHAPTER I
- Simplified ICT risk management framework
- Article 28
- Governance and organisation
- Article 29
- Information security policy and measures
- Article 30
- Classification of information assets and ICT assets
- Article 31
- ICT risk management
- Article 32
- Physical and environmental security
- CHAPTER II
- Further elements of systems, protocols, and tools to minimise the impact of ICT risk
- Article 33
- Access Control
- Article 34
- ICT operations security
- Article 35
- Data, system and network security
- Article 36
- ICT security testing
- Article 37
- ICT systems acquisition, development, and maintenance
- Article 38
- ICT project and change management
- CHAPTER III
- ICT business continuity management
- Article 39
- Components of the ICT business continuity plan
- Article 40
- Testing of business continuity plans
- CHAPTER IV
- Report on the review of the simplified ICT risk management framework
- Article 41
- Format and content of the report on the review of the simplified ICT risk management framework
- TITLE IV
- FINAL PROVISIONS
- Article 42
- Entry into force