41. Bangladesh 59.74

41st National Cyber Security Index
53rd Global Cybersecurity Index
147th ICT Development Index
105th Networked Readiness Index
Population 161.0million
Area (km2) 147.6thousand
GDP per capita ($) 4.5thousand
NCSI FULFILMENT PERCENTAGE
NCSI DEVELOPMENT TIMELINE 3 years All data
RANKING TIMELINE
NCSI Update Data source
23 Aug 2021 Government officials
21 Dec 2020 Government officials
22 Jun 2020 Government officials
19 Dec 2018 Government officials

Version 23 Aug 2021

GENERAL CYBER SECURITY INDICATORS
BASELINE CYBER SECURITY INDICATORS
  • 5. Protection of digital services 1/5 20%
    1
    5 20%
  • 6. Protection of essential services 5/6 83%
    5
    6 83%
  • 7. E-identification and trust services 7/9 78%
    7
    9 78%
    • 7.1. Unique persistent identifier 1
      1
      1
      Requirements
      Criteria

      The government provides a unique persistent identifier to all citizens, residents, and legal entities. For example, the identifier remains the same after document expiration and name change.

      Accepted references

      Legal act

      Evidence

      In the Citizen Core Data Structure, CCDS document cabinet portal, Bangladesh website in page number 15 it is mention that " NID number is a unique number used to uniquely identify a person".  

    • 7.2. Requirements for cryptosystems 0
      0
      1
      Requirements
      Criteria

      Requirements for cryptosystems in the field of trust services are regulated.

      Accepted references

      Legal act

      Evidence
    • 7.3. Electronic identification 1
      1
      1
      Requirements
      Criteria

      Electronic identification is regulated.

      Accepted references

      Legal act

      Evidence

      (1) The Certifying Authority shall, for issuing the Electronic Signature Certificates, while complying with the provisions of section 36 of the Act, shall also comply with the following, namely:-

        1. the Electronic Signature Certificate shall be issued only after a Electronic Signature Certificate application in the form provided by the Certifying Authority has been submitted by the subscriber to the Certifying Authority and the same has been approved by it:
        2. no interim Electronic Signature Certificate shall be issued;
        3. the Electronic Signature Certificate shall be issues by the Certifying Authority upon receipt of an authorized and validated request for new Electronic Signature Certificate or for renewal of an and Electronic Signature Certificates;
        4. the Electronic Signature Certificate must contain or incorporate, such information, as is sufficient to locate or identify one or more repositories and such information must be listed in the list of revocation or suspension of the Electronic Signature Certificate in the event the Electronic Signature Certificate is suspended or revoked;
        5. the subscriber identity verification method employed for issuance of Electronic Signature Certificate shall be in accordance with the method specified in the Certification Practice Statement and shall be subject to the approval of the Controller during the application for a licence;
        6. where the Electronic Signature Certificate is issued to a person which is considered as a New Electronic Signature Certificate, on the  basis  of another valid Electronic Signature Certificate held by the said person which is considered as an Originating Electronic Signature Certificate, and subsequently the originating Electronic Signature Certificate has been suspended or revoked, the Certifying Authority that issued the new Electronic  Signature  Certificate  shall  conduct investigations  to  determine

       

      whether it is necessary to suspend or revoke the new Electronic Signature Certificate;

        1. the Certifying Authority shall provide a reasonable opportunity for the subscriber to verify the contents of the Electronic Signature  Certificate before it is accepted;
        2. in the event the subscriber accepts the Electronic Signature Certificate, the Certifying Authority shall publish a signed copy of the Electronic Signature Certificate;
        3. where the Electronic Signature Certificate has been issued by the licensed Certifying Authority and has been accepted by the subscriber, and the Certifying Authority later comes to know of any fact,  that  affects  the validity or reliability of such Electronic Signature Certificate, it shall notify the same to the subscriber immediately;
        4. all Electronic Signature Certificates shall be issued with a designated expiry date.
    • 7.4. Electronic signature 1
      1
      1
      Requirements
      Criteria

      E-signature is regulated

      Accepted references

      Legal act

    • 7.5. Timestamping 1
      1
      1
      Requirements
      Criteria

      Timestamping is regulated.

      Accepted references

      Legal act

      Evidence

      This is a guideline for implementation of Time Stamping Services by the Certifying Authorities (CA). In support of the ICT Act, 2006 (amended in 2009 and 2013), the Government of People's Republic of Bangladesh established the Office of the Controller of Certifying Authorities (CCA). Licensed Certifying Authorities (CAs) are required to operate Time Stamping Services. The CA shall not issue a Time stamping certificate other than for its own time stamping service. The Time Stamping Service provided by CA should be logically & physically separate from the CA systems. However CA can use the same physical infrastructure and resources. The Audit of the Time Stamping Service shall be included in the audit of CA facilities.

    • 7.6. Electronic registered delivery service 0
      0
      1
      Requirements
      Criteria

      Electronic registered delivery service between state entities, citizens and private sector entities is regulated. The service provides legally binding data exchange and guarantees the confidentiality and integrity of information.

      Accepted references

      Legal act

      Evidence
    • 7.7. Competent supervisory authority 3
      3
      3
      Requirements
      Criteria

      There is an authority responsible for the supervision of qualified trust service providers.

      Accepted references

      Official website or legal act

      Evidence

      ICT Act 2006 (amended in 2013) and IT (CA) Rules 2010 refers the hierarchical PKI model for Bangladesh. Office of the CCA will act as the Root CA in the hierarchy. Bangladesh Root CA will certify the licensed CAs which in turns will certify the descendants of licensed CAs. 


  • 8. Protection of personal data 0/4 0%
    0
    4 0%
INCIDENT AND CRISIS MANAGEMENT INDICATORS
Information Disclaimer

The information provided on the NCSI website is based on publicly available evidence materials. The appearance in the index and subsequent ranking is commensurate to the existence and public availability of such information. The NCSI links to third party websites and information. The NCSI and eGA are not responsible for the accuracy or completeness of third party website information.

What can I do to improve my country's data in NCSI?

Become a data contributor Update a specific indicator with evidence data

CONTRIBUTORS

Tawhidur Rahman
BGD e-GOV CIRT