46. Argentina 63.64

46th National Cyber Security Index
91st Global Cybersecurity Index
51st ICT Development Index
57th Networked Readiness Index
Population 43.6million
Area (km2) 2.8million
GDP per capita ($) 21.4thousand
NCSI FULFILMENT PERCENTAGE
NCSI DEVELOPMENT TIMELINE 3 years All data
RANKING TIMELINE
NCSI Update Data source
14 Oct 2022 Public data collection

Version 14 Oct 2022

GENERAL CYBER SECURITY INDICATORS
BASELINE CYBER SECURITY INDICATORS
  • 5. Protection of digital services 1/5 20%
    1
    5 20%
    • 5.1. Cyber security responsibility for digital service providers 0
      0
      1
      Requirements
      Criteria

      According to legislation, digital service providers (except micro and small enterprises): (1) must manage cyber/ICT risks or (2) must implement established cyber/information security requirements.

      Accepted references

      Legal act

      Evidence
    • 5.2. Cyber security standard for the public sector 1
      1
      1
      Requirements
      Criteria

      Public sector digital service providers must implement (1) cyber/ICT security requirements (defined by legislation) or (2) a widely recognised security standard.

      Accepted references

      Legal act

      Evidence

      Administrative Decision 641/2021, Minimum Information Security Requirements for Organizations


      Referential Model of Information Security Policy

       “The National Directorate of Cybersecurity of Argentina published through the official bulletin a document entitled Referential Model of Information Security Policy. It details the approved guidelines that must be followed by public sector organizations when implementing a Security Policy as part of their obligations to protect the fundamental technological assets for the proper functioning of the organization.
       

      The document is a reference framework on which each body that makes up the National Administration must work according to the particularities and needs established according to the Minimum Information Security Requirements.
       

      As the document explains , the security policy defines the posture that an organization expects from its employees, authorities and third parties that have access to data or resources to protect said information.

    • 5.3. Competent supervisory authority 0
      0
      3
      Requirements
      Criteria

      The government has a competent authority in the field of cyber/information security that has the power to supervise public and private digital service providers regarding the implementation of cyber/information security requirements.

      Accepted references

      Official website or legal act

      Evidence
  • 6. Protection of essential services 1/6 17%
    1
    6 17%
    • 6.1. Operators of essential services are identified 1
      1
      1
      Requirements
      Criteria

      There is a legal act that allows to identify operators of essential services.

      Accepted references

      Legal act

      Evidence

      Resolution 1523 / 2019, Definition of Critical Infrastructures 

      “ARTICLE 1.- Approve the definition of Critical Infrastructures and Critical Information Infrastructures, the enumeration of the identification criteria and the determination of the sectors reached, which as Annex I (IF-2019-78452510-APN-SGM#JGM) is part of this measure.”

      Identified sectors as per Annex I:

      • Energy
      • Information and Communication Technologies
      • Transportation
      • Water
      • Health
      • Food
      • Finance
      • Nuclear
      • Chemical
      • Space
      • State
    • 6.2. Cyber security requirements for operators of essential services 0
      0
      1
      Requirements
      Criteria

      According to the legislation, operators of essential services must manage cyber/ICT risks.

      Accepted references

      Legal act

      Evidence
    • 6.3. Competent supervisory authority 0
      0
      3
      Requirements
      Criteria

      The government has a competent authority in the field of cyber/information security that has the power to supervise operators of essential services, regarding cyber/information security requirements.

      Accepted references

      Official website or legal act

      Evidence
    • 6.4. Regular monitoring of security measures 0
      0
      1
      Requirements
      Criteria

      Operators of essential services must regularly (at least once every 3 years) provide evidence of the effective implementation of cyber/information security policies (e.g. audit result, documentation, specific report).

      Accepted references

      Legal act

      Evidence
  • 7. E-identification and trust services 5/9 56%
    5
    9 56%
    • 7.1. Unique persistent identifier 1
      1
      1
      Requirements
      Criteria

      The government provides a unique persistent identifier to all citizens, residents, and legal entities. For example, the identifier remains the same after document expiration and name change.

      Accepted references

      Legal act

      Evidence

      ID number of the Documento Nacional de Identidad (National Identity Document).

      Law of Identification, Registration and Classification of National Human Potential –  see Articles 7,8,15


      See also link above, Information guide on National Identity Document (DNI):

      The DNI is processed for the first time when the person is born. The mothers, fathers, guardians of the girl or boy who has just been born must complete the procedure.

      The procedure is free.

      The number of this DNI does not change and accompanies the person throughout his life.

      The DNI must be updated twice.

      • between 5 and 8 years of age;
      • upon reaching 14 years of age.
    • 7.2. Requirements for cryptosystems 0
      0
      1
      Requirements
      Criteria

      Requirements for cryptosystems in the field of trust services are regulated.

      Accepted references

      Legal act

      Evidence
    • 7.3. Electronic identification 0
      0
      1
      Requirements
      Criteria

      Electronic identification is regulated.

      Accepted references

      Legal act

      Evidence
    • 7.4. Electronic signature 1
      1
      1
      Requirements
      Criteria

      E-signature is regulated

      Accepted references

      Legal act

      Evidence

      Digital Signature Act (No 25,506) of 11 December 2001
      CHAPTER I General considerations
      ARTICLE 1 - Object. The use of the electronic signature and the digital signature and its legal effectiveness are recognized under the conditions established by this law.
      ARTICLE 2 - Digital Signature. A digital signature is understood as the result of applying a mathematical procedure to a digital document that requires information of exclusive knowledge of the signer, and is under his absolute control. The digital signature must be capable of verification by third parties, so that such verification simultaneously allows identifying the signer and detect any alteration of the digital document after its signature. The signature and verification procedures to be used for such purposes shall be those determined by the Application Authority in accordance with current international technological standards.

    • 7.5. Timestamping 0
      0
      1
      Requirements
      Criteria

      Timestamping is regulated.

      Accepted references

      Legal act

      Evidence
    • 7.6. Electronic registered delivery service 0
      0
      1
      Requirements
      Criteria

      Electronic registered delivery service between state entities, citizens and private sector entities is regulated. The service provides legally binding data exchange and guarantees the confidentiality and integrity of information.

      Accepted references

      Legal act

      Evidence
    • 7.7. Competent supervisory authority 3
      3
      3
      Requirements
      Criteria

      There is an authority responsible for the supervision of qualified trust service providers.

      Accepted references

      Official website or legal act

      Evidence

      Head of the Cabinet of Ministers (enforcement authority); see article 30 of Digital Signature Law 25,506 (link above). 

  • 8. Protection of personal data 4/4 100%
    4
    4 100%
INCIDENT AND CRISIS MANAGEMENT INDICATORS
Information Disclaimer

The information provided on the NCSI website is based on publicly available evidence materials. The appearance in the index and subsequent ranking is commensurate to the existence and public availability of such information. The NCSI links to third party websites and information. The NCSI and eGA are not responsible for the accuracy or completeness of third party website information.

What can I do to improve my country's data in NCSI?

Become a data contributor Update a specific indicator with evidence data

CONTRIBUTORS

Patricia Prandini
Ministry of Modernization