48. Georgia 53.25

48th National Cyber Security Index
18th Global Cybersecurity Index
74th ICT Development Index
58th Networked Readiness Index
Population 3.7million
Area (km2) 69.7thousand
GDP per capita ($) 10.6thousand
NCSI FULFILMENT PERCENTAGE
NCSI DEVELOPMENT TIMELINE 3 years All data
RANKING TIMELINE
NCSI Update Data source
13 Apr 2020 Public data collection
21 Nov 2017 Government officials

Version 13 Apr 2020

GENERAL CYBER SECURITY INDICATORS
BASELINE CYBER SECURITY INDICATORS
  • 5. Protection of digital services 0/5 0%
    0
    5 0%
    • 5.1. Cyber security responsibility for digital service providers 0
      0
      1
      Requirements
      Criteria

      According to legislation, digital service providers (except micro and small enterprises): (1) must manage cyber/ICT risks or (2) must implement established cyber/information security requirements.

      Accepted references

      Legal act

      Evidence
    • 5.2. Cyber security standard for the public sector 0
      0
      1
      Requirements
      Criteria

      Public sector digital service providers must implement (1) cyber/ICT security requirements (defined by legislation) or (2) a widely recognised security standard.

      Accepted references

      Legal act

      Evidence
    • 5.3. Competent supervisory authority 0
      0
      3
      Requirements
      Criteria

      The government has a competent authority in the field of cyber/information security that has the power to supervise public and private digital service providers regarding the implementation of cyber/information security requirements.

      Accepted references

      Official website or legal act

      Evidence
  • 6. Protection of essential services 6/6 100%
    6
    6 100%
    • 6.1. Operators of essential services are identified 1
      1
      1
      Requirements
      Criteria

      There is a legal act that allows to identify operators of essential services.

      Accepted references

      Legal act

      Evidence

      https://matsne.gov.ge/en/document/view/2333175

       

      Resolution of Government №312 of Georgia on Approval of the list of critical infrastructure system subjects

      https://matsne.gov.ge/en/document/view/2521602

      Resolution of Government №567 of Georgia on Approval of the list of critical infrastructure system subjects in the sphere of defence

    • 6.2. Cyber security requirements for operators of essential services 1
      1
      1
      Requirements
      Criteria

      According to the legislation, operators of essential services must manage cyber/ICT risks.

      Accepted references

      Legal act

      Evidence

      https://matsne.gov.ge/ka/document/view/1831782

    • 6.3. Competent supervisory authority 3
      3
      3
      Requirements
      Criteria

      The government has a competent authority in the field of cyber/information security that has the power to supervise operators of essential services, regarding cyber/information security requirements.

      Accepted references

      Official website or legal act

      Evidence

      http://www.dea.gov.ge/uploads/GISA_ENG_FINAL_2015_ver.pdf

      Chapter II, Art 4: DEA (CERT.GOV.GE, Information Security and policy Division) is specialized entity authorized for strengthening cyber security of critical information infrastructure subjects. The unit has the responsibility to develop adequate security measures for CII, and coordinate and supervise the implementation of CII specific security measures

    • 6.4. Regular monitoring of security measures 1
      1
      1
      Requirements
      Criteria

      Operators of essential services must regularly (at least once every 3 years) provide evidence of the effective implementation of cyber/information security policies (e.g. audit result, documentation, specific report).

      Accepted references

      Legal act

      Evidence

      http://www.dea.gov.ge/uploads/GISA_ENG_FINAL_2015_ver.pdf

      Chapter II, Art 4: 3. Critical information system subject shall communicate information security policy adopted in compliance with par. 1 of this Article to the Data Exchange Agency for review. The Data Exchange Agency shall be also notified of any changes to information security policies. The Data Exchange Agency conducts general analysis of submitted documents and present recommendations for remedying shortcomings identified.

  • 7. E-identification and trust services 7/9 78%
    7
    9 78%
    • 7.1. Unique persistent identifier 1
      1
      1
      Requirements
      Criteria

      The government provides a unique persistent identifier to all citizens, residents, and legal entities. For example, the identifier remains the same after document expiration and name change.

      Accepted references

      Legal act

      Evidence

      https://matsne.gov.ge/en/document/download/31504/28/en/pdf

      Art 1

      https://matsne.gov.ge/ka/document/view/88696

       

      Art 12: Both citizens and businesses are uniquely identified in Georgia. The personal number is a unique identification number of a person that shall not be changed. The appropriate authority – Public Service Development Agency shall assign a personal identity number to a person during: a) Birth registration; b) Acquisition of citizenship of Georgia. Identification number of a legal person is a unique number assigned to a legal person when being registered in the business registry, one unique number is assigned to a business entity, used for tax and state registration purposes at the same time. An identification number of a legal person is permanent and shall not be changed. Number of digits in legal person’s identification number is different based on the organizational form of the business (sole entrepreneur physical person or corporate company).

    • 7.2. Requirements for cryptosystems 0
      0
      1
      Requirements
      Criteria

      Requirements for cryptosystems in the field of trust services are regulated.

      Accepted references

      Legal act

      Evidence
    • 7.3. Electronic identification 1
      1
      1
      Requirements
      Criteria

      Electronic identification is regulated.

      Accepted references

      Legal act

      Evidence

      https://matsne.gov.ge/en/document/download/31504/28/en/pdf

      Art 14

    • 7.4. Electronic signature 1
      1
      1
      Requirements
      Criteria

      E-signature is regulated

      Accepted references

      Legal act

      Evidence

      https://matsne.gov.ge/ka/document/view/3654557

      Law of Georgia on Electronic Signature and Electronic Documents was enacted on March 14, 2008 and established a legal framework for electronic document and the use of electronic signatures, but didn’t apply to electronic trust services. A new law on Electronic Document and Electronic Trust Services which will substitute existing law on e-signatures was enacted on April 21, 2017. The new Law replaced the old regulation and sets legal grounds for the application of electronic document and electronic trust services, such as qualified electronic signature and seal, timestamp, qualified preservation service for qualified electronic signatures and etc. New law fully comply with Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.

    • 7.5. Timestamping 1
      1
      1
      Requirements
      Criteria

      Timestamping is regulated.

      Accepted references

      Legal act

      Evidence

      https://matsne.gov.ge/ka/document/view/3654557

      Art 7

    • 7.6. Electronic registered delivery service 0
      0
      1
      Requirements
      Criteria

      Electronic registered delivery service between state entities, citizens and private sector entities is regulated. The service provides legally binding data exchange and guarantees the confidentiality and integrity of information.

      Accepted references

      Legal act

      Evidence
    • 7.7. Competent supervisory authority 3
      3
      3
      Requirements
      Criteria

      There is an authority responsible for the supervision of qualified trust service providers.

      Accepted references

      Official website or legal act

      Evidence

      https://matsne.gov.ge/ka/document/view/3654557

      Law on " Electronic Document and Electronic Trust Services" vests all control and supervision of trust service providers to DEA. Art. 11.

  • 8. Protection of personal data 4/4 100%
    4
    4 100%
INCIDENT AND CRISIS MANAGEMENT INDICATORS
What can I do to improve my country's data in NCSI?

Become a data contributor Update a specific indicator with evidence data

CONTRIBUTORS

Natalia Goderdzishvili
Data Exchange Authority