NCSI FULFILMENT PERCENTAGE
Version 15 Dec 2024 Choose a version
STRATEGIC CYBERSECURITY INDICATORS
-
1. CYBERSECURITY POLICY 12/15 80%1215 80%
-
1.1. High-level cybersecurity leadership 333
Requirements
CriteriaThe country has appointed governmental leadership responsible for cybersecurity at the national level.
Accepted referencesLegal act, national strategy, official statutes or terms of reference, or official website
Evidence
Evidence presented in a foreign language
https://ncsc.jo/Ar/Pages/About_the_Center_AR
The National Cybersecurity Center (NCSC) is recognized as the official authority responsible for implementing, managing, and executing cybersecurity strategies, and providing effective cybersecurity defence for the purposes of cyber threat detection and response. It serves as a liaison between the government, business sectors, academic institutions, and citizens to achieve the strategic objectives in the field of cybersecurity.
-
1.2. Cybersecurity policy development 333
Requirements
CriteriaThere is a competent entity in the central government to whom responsibility is assigned for national cybersecurity strategy and policy development.
Accepted referencesLegal act, official statute or terms of reference, or official website
Evidence
Evidence presented in a foreign language
According to Article 6 B 1) (page 5/11 of the PDF) of the Cybersecurity Law (Law 16 of 2019), the National Cybersecurity Center (NCSC) is responsible for developing the national cybersecurity strategy and formulating related policies.
Evidence presented in a foreign language
https://ncsc.jo/Ar/Pages/Organizational_Structure_AR
There’s also a dedicated entity at NCSC titled as Directorate of Policy and Compliance (last subdivision of the leftmost branch in the diagram) which is responsible for:
- Building national policies to define requirements that support the national direction for cybersecurity.
- Developing and updating compliance controls with cybersecurity policies and standards.
-
1.3. Cybersecurity policy coordination 333
Requirements
CriteriaThe country has a regular official format for cybersecurity policy coordination at the national level.
Accepted referencesLegal act, official statute or terms of reference, or official website
Evidence
Evidence presented in a foreign language
According to Articles 3 & 4 of the Cybersecurity Law (Law 16 of 2019), the National Cybersecurity Council is the official format for cybersecurity policy coordination at the national level.
-
1.4. National cybersecurity strategy 333
Requirements
CriteriaThe central government has established a national-level cybersecurity strategy defining strategic cybersecurity objectives and measures to improve cybersecurity across society.
Accepted referencesValid official document
Evidence
National Cyber Security Strategy 2018-2023
-
1.5. National cybersecurity strategy action plan 003
Requirements
CriteriaThe central government has established an action plan to implement the national cybersecurity strategy.
Accepted referencesCurrent official document, legal act, or official statement
Evidence
-
-
2. GLOBAL CYBERSECURITY CONTRIBUTION 6/6 100%66 100%
-
2.1. Cyber diplomacy engagements 333
Requirements
CriteriaThe government contributes to international or regional cooperation formats dedicated to cybersecurity and cyber stability. (The indicator is limited to strategic-level cooperation; operational-level incident response cooperation and cross-border law enforcement cooperation are addressed separately under other indicators.)
Accepted referencesOfficial website of the organisation or cooperation format, official statement or contribution
Evidence
https://disarmament.unoda.org/group-of-governmental-experts/
Jordan has participated in the establishment of Group of Governmental Experts (GGE) on advancing responsible state behavior in cyberspace in the context of international security.
https://chathamhouse.soutron.net/Portal/Public/en-GB/RecordView/Index/191666
- Collaboration between Chatham House and the Jordanian government
In the context of global state-led negotiations on responsible behavior in cyberspace and the importance of foreign ministries and diplomats being equipped to deal with the challenges and possibilities of cyberspace in a manner compliant with globally recognized norms, Chatham House, in collaboration with the Ministry of Foreign Affairs and Expatriates of the Hashemite Kingdom of Jordan and the Jordanian National Cyber Security Centre, hosted a regional conference in Jordan on 16 and 17 May 2022. Titled "Cyber Diplomacy and Governance: Opportunities, Challenges, and Ways Forward for Arab Countries.
https://counter-ransomware.org/briefingroom/41cd6ea6-2b62-4034-9b73-026fc7098c4f
International Counter Ransomware Initiative
-
2.2. Commitment to international law in cyberspace 111
Requirements
CriteriaThe country has an official position on the application of international law, including human rights, in the context of cyber operations.
Accepted referencesOfficial document or statement, international indexes
Evidence
https://www.state.gov/joint-statement-on-the-second-u-s-jordan-cyber-and-digital-dialogue/
- Joint Statement on the Second U.S.-Jordan Cyber and Digital Dialogue
"Highlighting their shared conviction that only through enhanced international cooperation can a more secure and stable cyberspace be achieved, the United States and Jordan pledged to strengthen their collaboration, including through the International Counter Ransomware Initiative and by promoting and implementing the framework for responsible state behavior in cyberspace. (...)
Both the United States and Jordan reaffirmed their support of a multi-stakeholder approach to Internet governance, technical standards that promote an innovative digital economy and a shared vision that the Internet should be open, interoperable, secure, and trusted to support a vibrant digital economy. Each side also acknowledged that this shared vision for digital connectivity requires a foundation built on the use of secure and trustworthy ICT equipment and suppliers."
-
2.3. Contribution to international capacity building in cybersecurity 222
Requirements
CriteriaThe country has led or supported cybersecurity capacity building for another country in the past three years.
Accepted referencesOfficial website or project document
Evidence
Evidence presented in a foreign language
https://www.ncsc.jo/Ar/NewsDetails/Ncsc_workshop_Arab_Countries
- Series of workshops aimed at cyber capacity building
National Cyber Security Center (NCSC) hosted a series of workshops for participants from eight Arab governments, part of the "Sharakah" training program by The Hague Academy for Local Governance. The workshop, attended by 25 participants, focused on capacity building in digital transformation, including service automation and data protection. It featured presentations on the Centre's key functions and activities, aimed at enhancing cybersecurity knowledge and fostering partnerships with Arab governments.
-
-
3. EDUCATION AND PROFESSIONAL DEVELOPMENT 10/10 100%1010 100%
-
3.1. Cyber safety competencies in primary education 222
Requirements
CriteriaPrimary education curricula in the public education system include cyber safety (online safety, computer safety) competencies.
Accepted referencesOfficial curriculum or official report
Evidence
Framework for computer science and digital skills framework, their standards and performance indicators for students ranging from kindergarten to twelfth grade.
-
3.2. Cyber safety competencies in secondary education 222
Requirements
CriteriaSecondary education curricula in the public education system include cyber safety (online safety, computer safety) competencies.
Accepted referencesOfficial curriculum or official report
Evidence
Framework for computer science and digital skills framework, their standards and performance indicators for students ranging from kindergarten to twelfth grade.
-
3.3. Undergraduate cybersecurity education 222
Requirements
CriteriaAt least one undergraduate education programme is available in the country to train students in cybersecurity.
Accepted referencesAccredited study programme
Evidence
https://computer.ju.edu.jo/Lists/ProgramSpecifications/School_ProgSpic_last.aspx?prog=26&categ=13
Bachelor Of Cyber Security at the University of Jordan.
-
3.4. Graduate cybersecurity education 333
Requirements
CriteriaAt least one cybersecurity education programme is available in the country at the graduate level.
Accepted referencesAccredited study programme
Evidence
https://psut.edu.jo/en/program/master-of-science-program-in-Cyber-security
Master's Degree in Cyber security at the Princess Sumaya University for Technology
-
3.5. Association of cybersecurity professionals 111
Requirements
CriteriaA professional association of cybersecurity specialists, managers, or auditors exists in the country.
Accepted referencesOfficial website
Evidence
https://engage.isaca.org/ammanchapter/aboutchapter/about
ISACA Amman Chapter
-
-
4. CYBERSECURITY RESEARCH AND DEVELOPMENT 0/4 0%04 0%
-
4.1. Cybersecurity research and development programmes 002
Requirements
CriteriaA cybersecurity research and development (R&D) programme or institute exists and is recognised and/or supported by the government.
Accepted referencesOfficial programme or official website
Evidence
-
4.2. Cybersecurity doctoral studies 002
Requirements
CriteriaAn officially recognised PhD programme exists accommodating research in cybersecurity.
Accepted referencesOfficial programme or official website
Evidence
-
PREVENTIVE CYBERSECURITY INDICATORS
-
5. CYBERSECURITY OF CRITICAL INFORMATION INFRASTRUCTURE 9/12 75%912 75%
-
5.1. Identification of critical information infrastructure 333
Requirements
CriteriaThere is a framework or a mechanism to identify operators of critical information infrastructure.
Accepted referencesLegal or administrative act
Evidence
Evidence presented in a foreign language
Cyber Security Law No. 16 of 2019 Article (6-B-10) assign the responsibilties of the identification and protection of critical infrastructure to NCSC
-
5.2. Cybersecurity requirements for operators of critical information infrastructure 003
Requirements
CriteriaOperators of critical (information) infrastructure are required to assess and manage cyber risks and/or implement cybersecurity measures.
Accepted referencesLegal act, or mandatory cybersecurity framework or standard
Evidence
-
5.3. Cybersecurity requirements for public sector organisations 333
Requirements
CriteriaPublic sector organisations are required to assess and manage cyber risks and/or implement cybersecurity measures.
Accepted referencesLegal or administrative act, mandatory cybersecurity framework or standard
Evidence
The Jordanian National Cybersecurity Framework outlines building the necessary capabilities within the sectors, and meeting the subsequent requirements to achieve them.
-
5.4. Competent supervisory authority 333
Requirements
CriteriaA competent authority has been designated and allocated powers to supervise the implementation of cyber/information security measures.
Accepted referencesLegal act or official website
Evidence
Evidence presented in a foreign language
NCSC supervises ministries, government departments, official, public, private and civil institutions and are committed to adhere to policies, standards and controls issued by NCSC.
-
-
6. CYBERSECURITY OF DIGITAL ENABLERS 6/12 50%612 50%
-
6.1. Secure electronic identification 222
Requirements
CriteriaA national electronic identification solution exists that allows for officially recognised and secure electronic identification of natural and/or legal persons.
Accepted referencesLegal act, nationally recognised identification scheme, or official website
Evidence
-
6.2. Electronic signature 222
Requirements
CriteriaA nationally recognised and publicly available solution exists to issue secure and legally binding electronic signatures.
Accepted referencesLegal act or official website
Evidence
Evidence presented in a foreign language
Articles 14/15/16 of the Electronic Transactions Law: Electronic signature systems and other electronic transactions. English version can be accessed here.
-
6.3. Trust services 002
Requirements
CriteriaTrust services (e.g. digital certificates, timestamps, private key management service) are regulated, at least for use in the public sector.
Accepted referencesLegal act or official website
Evidence
-
6.4. Supervisory authority for trust services 002
Requirements
CriteriaAn independent authority has been designated and given the power to supervise trust services and trust service providers.
Accepted referencesLegal act or official website
Evidence
-
6.5. Cybersecurity requirements for cloud services 222
Requirements
CriteriaRequirements are established for the secure use of cloud services in government and/or public sector organisations.
Accepted referencesLegal or administrative act, cybersecurity framework or standard
Evidence
Evidence presented in a foreign language
The Cybersecurity Law regulates cloud services.
Evidence presented in a foreign language
https://www.cbj.gov.jo/EchoBusV3.0/SystemAssets/a94cb48d-863a-47cc-bd20-ce8fa7edaa3e.pdf
The Central Bank of Jordan developed a guide on cloud computing.
https://www.modee.gov.jo/ebv4.0/root_storage/en/eb_list_page/cloudpolicy-2020-english.pdf
Ministry of Digital Economy and Entreprenurship (MoDEE) has developed the Cloud (Platforms & Services) Policy.
-
6.6. Supply chain cybersecurity 002
Requirements
CriteriaRequirements are established to identify and manage cybersecurity risks through the ICT supply chain.
Accepted referencesLegal act or official website
Evidence
-
-
7. CYBER THREAT ANALYSIS AND AWARENESS RAISING 12/12 100%1212 100%
-
7.1. Cyber threat analysis 333
Requirements
CriteriaA government entity has been assigned the responsibility for national-level cybersecurity and/or cyber threat assessments.
Accepted referencesLegal act, statute, or official website
Evidence
Cybersecurity Law No. 16 of 2019, article 6 (no 18)
-
7.2. Public cyber threat reports 333
Requirements
CriteriaPublic cyber threat reports and notifications are issued at least once a year.
Accepted referencesOfficial website, official social media channel, or public report
Evidence
Evidence presented in a foreign language
https://ncsc.jo/Ar/List/Reports_AR
NCSC issues cybersecurity situational awareness reports on a quarterly bases.
-
7.3. Public cybersecurity awareness resources 333
Requirements
CriteriaPublic authorities provide publicly available cybersecurity advisories, tools, and resources for users, organisations, and ICT and cybersecurity professionals.
Accepted referencesOfficial website, public advisories
Evidence
Evidence presented in a foreign language
https://safeonline.jo/Default/Ar
NCSC publishes cybersecurity advisories and brochures on its website and for its stockholders. Recently the center has launched “Safe Online” which is an awareness platform that aims to raise awareness of cybersecurity related issues and provide advisories and guidance to protect individuals in the cyberspace from exposure to cybersecurity incidents such as electronic fraud, theft of information and data, and others incidents.
https://jocert.ncsc.jo/?page_id=217
JOCERT
-
7.4. Cybersecurity awareness raising coordination 333
Requirements
CriteriaThere is an entity with the clearly assigned responsibility to lead and/or coordinate national cybersecurity awareness activities.
Accepted referencesLegal act, official document, or official website
Evidence
Pursuant to Cybersecurity Law No. 16 of 2019, article 6/b/6 the NCSC is Developing the necessary programs to build national capacities and expertise in the field of cybersecurity and enhance awareness of it the national level
-
-
8. PROTECTION OF PERSONAL DATA 2/4 50%24 50%
-
8.1. Personal data protection legislation 222
Requirements
CriteriaThere is a legal act for personal data protection that is applicable to the protection of data online or in digital form.
Accepted referencesLegal act
Evidence
Evidence presented in a foreign language
https://ncsc.jo/ebv4.0/root_storage/ar/eb_list_page/personal_data_law_2023.pdf
Personal Data Protection Law No. (24) of 2023 (translated version)
-
8.2. Personal data protection authority 002
Requirements
CriteriaAn independent public supervisory authority has been designated and allocated powers to supervise personal data protection.
Accepted referencesLegal act or official website
Evidence
-
RESPONSIVE CYBERSECURITY INDICATORS
-
9. CYBER INCIDENT RESPONSE 11/14 79%1114 79%
-
9.1. National incident response capacity 333
Requirements
CriteriaThere is a CERT designated with nationwide responsibilities for cyber incident detection and response.
Accepted referencesLegal act or official website
Evidence
JOCERT
-
9.2. Incident reporting obligations 333
Requirements
CriteriaOperators of critical information infrastructure and/or government institutions are obliged to notify the designated competent authorities about cyber incidents.
Accepted referencesLegal act or official website
Evidence
Pursuant to Cyber Security Law No. (16) of 2019”, Article 11, the government department, or official or public institution also undertake to notify the Center immediately upon the occurrence or suspicion of a cybersecurity incident.
Pursuant to Cyber Security Law No. (16) of 2019”, Article 8/b/3 Informing the center of any incident that threatens cybersecurity or related to cyberspace security, and doing everything necessary to avoid it
-
9.3. Cyber incident reporting tool 222
Requirements
CriteriaA publicly available official resource is provided for notifying competent authorities about cyber incidents.
Accepted referencesOfficial website
Evidence
Evidence presented in a foreign language
https://ncsc.jo/AR/Forms/SecurityIncidentReportingService_AR
NCSC
-
9.4. Single point of contact for international cooperation 003
Requirements
CriteriaThe government has designated a single point of contact for international cybersecurity cooperation.
Accepted referencesLegal act or official website
Evidence
-
9.5. Participation in international incident response cooperation 333
Requirements
CriteriaThe national cyber incident response team (CSIRT/CERT/CIRT) participates in international or regional cyber incident response formats.
Accepted referencesOfficial website or official document
Evidence
https://www.first.org/members/teams/jocert
FIRST
https://www.trusted-introducer.org/directory/teams/jocert-jo.html
TF-CSIRT Trusted Introducer
https://www.oic-cert.org/en/allmembers.html
OIC-CERT
-
-
10. CYBER CRISIS MANAGEMENT 5/9 56%59 56%
-
10.1. Cyber crisis management plan 002
Requirements
CriteriaThe government has established a crisis management plan for large-scale cyber incidents.
Accepted referencesLegal act or official website
Evidence
-
10.2. National cyber crisis management exercises 333
Requirements
CriteriaRegular interagency cyber crisis management exercises or crisis management exercises with a cyber component are arranged at the national level at least every other year.
Accepted referencesExercise document, official website, or press release
Evidence
Evidence presented in a foreign language
https://ncsc.jo/Ar/NewsDetails/Cyber_Exercise_2024
NCSC has organized a national cyber crisis management exercise in collaboration with the Jordan Nuclear Research and Training Reactor, Al-Hussein Technical University in August 2024.
-
10.3. Participation in international cyber crisis exercises 222
Requirements
CriteriaThe country participates in an international cyber crisis management exercise at least every other year.
Accepted referencesExercise document/website or press release
Evidence
Evidence presented in a foreign language
https://ncsc.jo/Ar/NewsDetails/cyber_exercise_uae
Participation of the National Cyber Security Center in the Cyber Crisis Preparedness and Management in the Financial Sector – Tabletop Exercise, Dubai, UAE:
A team from the National Cyber Security Center participated in a cyber drill organized by the International Telecommunication Union (ITU) on January 18, 2024, in Dubai, UAE. This drill, part of the Intersec 2024 exhibition, simulated a cyber attack targeting a financial institution and tested participants' ability to respond effectively. It aimed to enhance coordination among national cyber incident response teams, financial institutions, and stakeholders, to improve countries readiness to face cyber threats.
Evidence presented in a foreign language
https://ncsc.jo/Ar/NewsDetails/cyber_exercise_morocco
Participation of the National Cyber Security Center in the ITU Regional Cybersecurity Readiness Exercise, Marrakech, Morocco:
A team from the National Cyber Security Center participated in the regional cyber readiness exercise organized by the ITU from August 29-31, 2024, in Marrakech, Morocco. The drill aimed to bring together the regional cybersecurity community and enhance international cooperation, focusing on the role of national incident response teams (CIRTs, CSIRTs, and CERTs) in countering cyber attacks and protecting vital information infrastructure.
-
10.4. Operational crisis reserve 002
Requirements
CriteriaA mechanism for engaging reserve support has been established to reinforce government bodies in managing cyber crises.
Accepted referencesLegal act or official website
Evidence
-
-
11. FIGHT AGAINST CYBERCRIME 11/16 69%1116 69%
-
11.1. Cybercrime offences in national law 333
Requirements
CriteriaCybercrime offences are defined in national legislation.
Accepted referencesLegal act
Evidence
Cybercrime Law No. 17 of 2023.
Cybercrime Law, 2015.
-
11.2. Procedural law provisions 333
Requirements
CriteriaLegislation defines the powers and procedures for cybercrime investigations and proceedings and for the collection of electronic evidence.
Accepted referencesLegal act
Evidence
Evidence presented in a foreign language
Cybercrime Law No. 17 of 2023, see for example articles 31,32,33 and 36.
-
11.3. Ratification of or accession to the Convention on Cybercrime 002
Requirements
CriteriaThe country has ratified or acceded to the Council of Europe (CoE) Convention on Cybercrime.
Accepted referencesLegal act on Convention ratification or accession, website of the CoE Treaty Office
Evidence
-
11.4. Cybercrime investigation capacity 333
Requirements
CriteriaLaw enforcement has a specialised function and capacity to prevent and investigate cybercrime offences.
Accepted referencesLegal act or official website
Evidence
https://www.psd.gov.jo/en-us/psd-departments/
There are a number of units in the Public Security Directorate (PSD) that is responsible for detecting, investigating and monitoring cybercrime offences:
-
11.5. Digital forensics capacity 222
Requirements
CriteriaLaw enforcement has a specialised function and capacity for digital forensics.
Accepted referencesLegal act, statute, official document, or official website
Evidence
https://www.jiacc.gov.jo/En/Pages/Organization_Structure
The Integrity and Anti-Corruption Commission has a Digital forensics Lab Section.
-
11.6. 24/7 contact point for international cybercrime 003
Requirements
CriteriaThe government has designated an international 24/7 point of contact for assistance on cybercrime and electronic evidence.
Accepted referencesOfficial website, legal act or statute
Evidence
-
-
12. MILITARY CYBER DEFENCE 4/6 67%46 67%
-
12.1. Military cyber defence capacity 222
Requirements
CriteriaArmed forces have designated units responsible for the cybersecurity of military operations and/or for cyber operations.
Accepted referencesLegal act, statute, other official document or official website
Evidence
The Jordan Armed Forces Computer Emergency Response Team (JAF-CERT) was established in 2017. within the first phase of the National Cyber Security Project (2017-2018)
- Mission: Protect Jordan’s Armed Forces from Cyber-attacks and unauthorized activities, coordinate Military Incident Response and maintain national relationships in order to preserve military operational effectiveness and the security of critical information assets
-
12.2. Military cyber doctrine 002
Requirements
CriteriaThe tasks, principles, and oversight of armed forces for military cyber operations are established by official doctrine or legislation.
Accepted referencesLegal act, official doctrine, or official website
Evidence
-
12.3. Military cyber defence exercises 222
Requirements
CriteriaArmed forces have conducted or participated in a cyber defence exercise or an exercise with a cyber defence component in the past three years.
Accepted referencesOfficial website or official document
-
Information Disclaimer
The information provided on the NCSI website is based on publicly available evidence materials. The appearance in the index and subsequent ranking is commensurate to the existence and public availability of such information. The NCSI links to third party websites and information. The NCSI and eGA are not responsible for the accuracy or completeness of third party website information.
What can I do to improve my country's data in NCSI?
Become a data contributor Update a specific indicator with evidence data
CONTRIBUTORS
National Cyber Security Center
