2024R1774 - Summary
COMMISSION DELEGATED REGULATION (EU) 2024/1774 of 13 March 2024 supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying ICT risk management tools, methods, processes, and policies and the simplified ICT risk management framework (Text with EEA relevance)
Article 1 - Overall risk profile and complexity
Article 2 - General elements of ICT security policies, procedures, protocols, and tools
Article 3 - ICT risk management
Article 4 - ICT asset management policy
Article 5 - ICT asset management procedure
Article 6 - Encryption and cryptographic controls
Article 7 - Cryptographic key management
Article 8 - Policies and procedures for ICT operations
Article 9 - Capacity and performance management
Article 10 - Vulnerability and patch management
Article 11 - Data and system security
Article 12 - Logging
Article 13 - Network security management
Article 14 - Securing information in transit
Article 15 - ICT project management
Article 16 - ICT systems acquisition, development, and maintenance
Article 17 - ICT change management
Article 18 - Physical and environmental security
Article 19 - Human resources policy
Article 20 - Identity management
Article 21 - Access control
Article 22 - ICT-related incident management policy
Article 23 - Anomalous activities detection and criteria for ICT-related incidents detection and response
Article 24 - Components of the ICT business continuity policy
Article 25 - Testing of the ICT business continuity plans
Article 26 - ICT response and recovery plans
Article 27 - Format and content of the report on the review of the ICT risk management framework
Article 28 - Governance and organisation
Article 29 - Information security policy and measures
Article 30 - Classification of information assets and ICT assets
Article 31 - ICT risk management
Article 32 - Physical and environmental security
Article 33 - Access control
Article 34 - ICT operations security
Article 35 - Data, system and network security
Article 36 - ICT security testing
Article 37 - ICT systems acquisition, development, and maintenance
Article 38 - ICT project and change management
Article 39 - Components of the ICT business continuity plan
Article 40 - Testing of business continuity plans
Article 41 - Format and content of the report on the review of the simplified ICT risk management framework
Article 42 - Entry into force