68. Bangladesh 44.16

68th National Cyber Security Index
78th Global Cybersecurity Index
147th ICT Development Index
112th Networked Readiness Index
Population 161.0 million
Area (km2) 147.6 thousand
GDP per capita ($) 4.5 thousand
NCSI Update Data source
21 Dec 2020 Government officials
22 Jun 2020 Government officials
19 Dec 2018 Government officials
28 Aug 2018 Government officials
5 May 2018 Government officials

Version 21 Dec 2020

GENERAL CYBER SECURITY INDICATORS
BASELINE CYBER SECURITY INDICATORS
  • 5. Protection of digital services 1/5 20%
  • 6. Protection of essential services 0/6 0%
    • 6.1. Operators of essential services are identified 0/1
      Requirements
      Criteria

      There is a legal act that allows operators of essential services to be identified.

      Accepted references

      Legal act

      Evidence
    • 6.2. Cyber security requirements for operators of essential services 0/1
      Requirements
      Criteria

      According to the legislation, operators of essential services must manage cyber/ICT risks.

      Accepted references

      Legal act

      Evidence
    • 6.3. Competent supervisory authority 0/3
      Requirements
      Criteria

      The government has a competent authority in the field of cyber/information security that has the power to supervise operators of essential services, regarding cyber/information security requirements.

      Accepted references

      Official website or legal act

      Evidence
    • 6.4. Regular monitoring of security measures 0/1
      Requirements
      Criteria

      Operators of essential services must regularly (at least once every 3 years) provide evidence of the effective implementation of cyber/information security policies (e.g. audit result, documentation, specific report).

      Accepted references

      Legal act

      Evidence
  • 7. E-identification and trust services 6/9 67%
    • 7.1. Unique persistent identifier 0/1
      Requirements
      Criteria

      The government provides a unique persistent identifier to all citizens, residents, and legal entities. For example, the identifier remains the same after document expiration and name change.

      Accepted references

      Legal act

      Evidence
    • 7.2. Requirements for cryptosystems 0/1
      Requirements
      Criteria

      Requirements for cryptosystems in the field of trust services are regulated.

      Accepted references

      Legal act

      Evidence
    • 7.3. Electronic identification 1/1
      Requirements
      Criteria

      Electronic identification is regulated.

      Accepted references

      Legal act

      Evidence

      (1) The Certifying Authority shall, for issuing the Electronic Signature Certificates, while complying with the provisions of section 36 of the Act, shall also comply with the following, namely:-

        1. the Electronic Signature Certificate shall be issued only after an Electronic Signature Certificate application in the form provided by the Certifying Authority has been submitted by the subscriber to the Certifying Authority and the same has been approved by it:
        2. no interim Electronic Signature Certificate shall be issued;
        3. the Electronic Signature Certificate shall be issued by the Certifying Authority upon receipt of an authorized and validated request for new Electronic Signature Certificate or for renewal of Electronic Signature Certificates;
        4. the Electronic Signature Certificate must contain or incorporate, such information, as is sufficient to locate or identify one or more repositories and such information must be listed in the list of revocation or suspension of the Electronic Signature Certificate in the event the Electronic Signature Certificate is suspended or revoked;
        5. the subscriber identity verification method employed for issuance of Electronic Signature Certificate shall be in accordance with the method specified in the Certification Practice Statement and shall be subject to the approval of the Controller during the application for a licence;
        6. where the Electronic Signature Certificate is issued to a person which is considered as a New Electronic Signature Certificate, on the basis of another valid Electronic Signature Certificate held by the said person which is considered as an Originating Electronic Signature Certificate, and subsequently the originating Electronic Signature Certificate has been suspended or revoked, the Certifying Authority that issued the new Electronic Signature Certificate shall conduct investigations to determine whether it is necessary to suspend or revoke the new Electronic Signature Certificate;
        7. the Certifying Authority shall provide a reasonable opportunity for the subscriber to verify the contents of the Electronic Signature Certificate before it is accepted;
        8. in the event the subscriber accepts the Electronic Signature Certificate, the Certifying Authority shall publish a signed copy of the Electronic Signature Certificate;
        9. where the Electronic Signature Certificate has been issued by the licensed Certifying Authority and has been accepted by the subscriber, and the Certifying Authority later comes to know of any fact, that affects the validity or reliability of such Electronic Signature Certificate, it shall notify the same to the subscriber immediately;
        10. all Electronic Signature Certificates shall be issued with a designated expiry date.
    • 7.4. Electronic signature 1/1
      Requirements
      Criteria

      E-signature is regulated.

      Accepted references

      Legal act

    • 7.5. Timestamping 1/1
      Requirements
      Criteria

      Timestamping is regulated.

      Accepted references

      Legal act

      Evidence

      This is a guideline for implementation of Time Stamping Services by the Certifying Authorities (CA). In support of the ICT Act, 2006 (amended in 2009 and 2013), the Government of People's Republic of Bangladesh established the Office of the Controller of Certifying Authorities (CCA). Licensed Certifying Authorities (CAs) are required to operate Time Stamping Services. The CA shall not issue a Time stamping certificate other than for its own time stamping service. The Time Stamping Service provided by CA should be logically & physically separate from the CA systems. However CA can use the same physical infrastructure and resources. The Audit of the Time Stamping Service shall be included in the audit of CA facilities.

    • 7.6. Electronic registered delivery service 0/1
      Requirements
      Criteria

      Electronic registered delivery service between state entities, citizens and private sector entities is regulated. The service provides legally binding data exchange and guarantees the confidentiality and integrity of information.

      Accepted references

      Legal act

      Evidence
    • 7.7. Competent supervisory authority 3/3
      Requirements
      Criteria

      There is an authority responsible for the supervision of qualified trust service providers.

      Accepted references

      Official website or legal act

      Evidence

      ICT Act 2006 (amended in 2013) and IT (CA) Rules 2010 refer to the hierarchical PKI model for Bangladesh. Office of the CCA will act as the Root CA in the hierarchy. Bangladesh Root CA will certify the licensed CAs which in turn will certify the descendants of licensed CAs.


  • 8. Protection of personal data 0/4 0%
INCIDENT AND CRISIS MANAGEMENT INDICATORS
CONTRIBUTORS

Tawhidur Rahman
BGD e-GOV CIRT