NCSI FULFILMENT PERCENTAGE
Version 24 Apr 2023
GENERAL CYBER SECURITY INDICATORS
-
1. Cyber security policy development 7/7 100%77 100%
-
1.1. Cyber security policy unit 333
Requirements
CriteriaA central government entity (ministry or equivalent) has a specialised official or unit responsible for national cyber security policy development.
Accepted referencesOfficial website or legal act
Evidence
The mission of the Information Society and Digital Economy Policy and Regulation Directorate (within the Ministry of Economic Development and Digitization) is to develop effective public policies and analyze the current situation in the fields of information society, information technology, digital economy, cyber security and Internet governance, to address the identified challenges.
-
1.2. Cyber security policy coordination format 222
Requirements
CriteriaThe central government has a committee, council, working group, etc. for national-level cyber security policy coordination.
Accepted referencesOfficial website or legal act
Evidence
https://gov.md/en/content/moldovan-cabinet-sets-coordination-council-ensuring-information-security
On July 6, 2022, the Government of Moldova adopted the decision to create a Coordinating Council for Information Security (Council).
The Council has consultative and operational responsibilities, to estimate the level of danger on information security at national level and propose actions to resolve the reported incidents. Its core function is to promote and coordinate measures to implement information and cybersecurity policies. The Council consist of representatives of public institutions, justice sector, media public institutions and IT companies. The Council is potentially an important body that will ensure an important mechanism for involvement and input from public-private actors.
Link to the news regarding one of the Council working sessions (in romanian).
https://www.legis.md/cautare/getResults?doc_id=132064&lang=ro
DECISION No. 467 of 06-07-2022 regarding the creation of the coordinating Council for ensuring informational security
-
1.3. Cyber security strategy 111
Requirements
CriteriaThe central government has established a national-level cyber security strategy or other equivalent document.
Accepted referencesValid official document
Evidence
https://www.legis.md/cautare/getResults?doc_id=111979&lang=ro
National Cyber Security Strategy (NCSS) of the Republic of Moldova for the years 2019-2024, approved by the Government Decision no. 257 of 22.11.2018.
-
1.4. Cyber security strategy implementation plan 111
Requirements
CriteriaThe central government has established an implementation plan to the national-level cyber security strategy or other equivalent document.
Accepted referencesValid official document or its enforcement act
Evidence
https://www.legis.md/cautare/getResults?doc_id=111979&lang=ro
National Cyber Security Strategy (NCSS) of the Republic of Moldova for the years 2019-2024, comes with its own Implementation Plan (Annex 2).
-
-
2. Cyber threat analysis and information 1/5 20%15 20%
-
2.1. Cyber threats analysis unit 003
Requirements
CriteriaA central government entity has a national-level unit that is specialised in national strategic cyber threat situation analysis.
Accepted referencesOfficial website or legal act
Evidence
-
2.2. Public cyber threat reports are published annually 001
Requirements
CriteriaThe public part of the national cyber threat situation analysis is published at least once a year.
Accepted referencesOfficial public report
Evidence
-
2.3. Cyber safety and security website 111
Requirements
CriteriaPublic authorities provide at least one cyber safety and security website for cyber security and ICT professionals, and regular users.
Accepted referencesWebsite
Evidence
https://stisc.gov.md/ro/noutati
CERT GOV MD, as the central point for reporting and coordinating cybersecurity incidents, publishes weekly news in the field and various materials regarding cyber security awareness.
https://stisc.gov.md/ro/alerte
CERT GOV MD publishes alerts regarding cyber threats.
The SigurOnline website promotes the safe use of the Internet and provides information for children, parents and teachers.
-
-
3. Education and professional development 7/9 78%79 78%
-
3.1. Cyber safety competencies in primary or secondary education 111
Requirements
CriteriaPrimary or secondary education curricula include cyber safety / computer safety competences.
Accepted referencesOfficial curriculum or official report
Evidence
https://mecc.gov.md/sites/default/files/informatica_curriculum_gimnaziu_rom.pdf
Primary curricula includes cyber safety competencies.
https://mecc.gov.md/sites/default/files/informatica_curriculum_liceu_rom.pdf
Secondary curricula includes cyber safety competencies.
-
3.2. Bachelor’s level cyber security programme 222
Requirements
CriteriaThere is at least one cyber security / electronic information security focused programme at Bachelor’s or equivalent level.
Accepted referencesAccredited study programme
Evidence
https://fcim.utm.md/programe-de-licenta/securitate-informationala/
The Technical University of Moldova, Department of Software Engineering and Informatics, there is the specialty - 06I3.2 “Informational Security”, cycle I, License (240 ECTS study credits), with teaching in the Romanian language.
-
3.3. Master’s level cyber security programme 222
Requirements
CriteriaThere is at least one cyber security / electronic information security focused programme at Master’s or equivalent level.
Accepted referencesAccredited study programme
Evidence
https://fcim.utm.md/programe-de-master/securitate-informationala-masterat/
The Technical University of Moldova has a Master’s level cyber security programme (90 ECTS study credits), with the learning period of 1.5 years.
-
3.4. PhD level cyber security programme 222
Requirements
CriteriaThere is at least one cyber security / electronic information security focused programme at PhD or equivalent level.
Accepted referencesAccredited study programme
Evidence
Within the Technical University of Moldova, the Faculty of Electronics and Telecommunications offers Doctoral programs for:
232.03 – Technologies and Systems in Information Security -
3.5. Cyber security professional association 002
Requirements
CriteriaThere is a professional association of cyber/electronic information security specialists, managers or auditors.
Accepted referencesWebsite
Evidence
-
-
4. Contribution to global cyber security 2/6 33%26 33%
-
4.1. Convention on Cybercrime 111
Requirements
CriteriaThe country has ratified the Convention on Cybercrime.
Accepted referencesOfficial website of the convention
Evidence
https://www.legis.md/cautare/getResults?doc_id=23601&lang=ro
Law no.6 from 02.02.2009 to ratify the Council of Europe Convention on Cybercrime
https://www.coe.int/en/web/conventions/full-list?module=signatures-by-treaty&treatynum=185
Entry into force: 01/09/2009
-
4.2. Representation in international cooperation formats 111
Requirements
CriteriaThe government is regularly represented in a cooperation format that is dedicated to international cyber security (e.g. FIRST).
Accepted referencesOfficial website of the cooperation format
Evidence
https://www.first.org/members/teams/?#moldova
CERT GOV MD is the member of the Forum of Incident Response and Security Teams (FIRST).
https://www.trusted-introducer.org/directory/teams/cert-gov-md.html
CERT GOV MD is the member of the Trusted Introducer Service, that acts as the trusted backbone of infrastructure services and serves as clearinghouse for all security and incident response teams.
https://www.itu.int/en/ITU-D/Cybersecurity/Documents/Status_ITU_IMPACT.pdf
ITU-IMPACT
-
4.3. International cyber security organisation hosted by the country 003
Requirements
CriteriaA regional or international cyber security organisation is hosted by the country.
Accepted referencesOrganisation’s official website
Evidence
-
4.4. Cyber security capacity building for other countries 001
Requirements
CriteriaThe country has (co-)financed or (co-)organised at least one capacity building project for another country in the last 3 years.
Accepted referencesOfficial website or project document
Evidence
-
BASELINE CYBER SECURITY INDICATORS
-
5. Protection of digital services 1/5 20%15 20%
-
5.1. Cyber security responsibility for digital service providers 001
Requirements
CriteriaAccording to legislation, digital service providers (except micro and small enterprises): (1) must manage cyber/ICT risks or (2) must implement established cyber/information security requirements.
Accepted referencesLegal act
Evidence
-
5.2. Cyber security standard for the public sector 111
Requirements
CriteriaPublic sector digital service providers must implement (1) cyber/ICT security requirements (defined by legislation) or (2) a widely recognised security standard.
Accepted referencesLegal act
Evidence
http://lex.justice.md/viewdoc.php?action=view&view=doc&id=369772&lang=2
Government decision No. 201 from 2017 regarding the approval of minimum compulsory cyber security requirements.
-
5.3. Competent supervisory authority 003
Requirements
CriteriaThe government has a competent authority in the field of cyber/information security that has the power to supervise public and private digital service providers regarding the implementation of cyber/information security requirements.
Accepted referencesOfficial website or legal act
Evidence
-
-
6. Protection of essential services 0/6 0%06 0%
-
6.1. Operators of essential services are identified 001
Requirements
CriteriaThere is a legal act that allows to identify operators of essential services.
Accepted referencesLegal act
Evidence
-
6.2. Cyber security requirements for operators of essential services 001
Requirements
CriteriaAccording to the legislation, operators of essential services must manage cyber/ICT risks.
Accepted referencesLegal act
Evidence
-
6.3. Competent supervisory authority 003
Requirements
CriteriaThe government has a competent authority in the field of cyber/information security that has the power to supervise operators of essential services, regarding cyber/information security requirements.
Accepted referencesOfficial website or legal act
Evidence
-
6.4. Regular monitoring of security measures 001
Requirements
CriteriaOperators of essential services must regularly (at least once every 3 years) provide evidence of the effective implementation of cyber/information security policies (e.g. audit result, documentation, specific report).
Accepted referencesLegal act
Evidence
-
-
7. E-identification and trust services 9/9 100%99 100%
-
7.1. Unique persistent identifier 111
Requirements
CriteriaThe government provides a unique persistent identifier to all citizens, residents, and legal entities. For example, the identifier remains the same after document expiration and name change.
Accepted referencesLegal act
Evidence
http://lex.justice.md/viewdoc.php?action=view&view=doc&id=326009&lang=2
Law on State Registration of Legal Entities And individual entrepreneurs (No. 220 from 2007). Article 11. The registration procedure says: (2) The legal entity at registration shall be assigned a state identification number (IDNO), which shall be indicated on the title sheet of the instruments of incorporation. Government decision "State Register of the Population" and the Regulation on the State Registry of the Population” (No.. 333 from 2002). Article 13. “Categories of identification number”: Identification Number of Person (IDNP) shall be assigned to each individual at the time of initially entering the data about it in the RSPP and remains unchanged throughout the lifetime of such data, and shall be included in all documents of the individual concerned.
http://lex.justice.md/viewdoc.php?action=view&view=doc&id=296142&lang=2
-
7.2. Requirements for cryptosystems 111
Requirements
CriteriaRequirements for cryptosystems in the field of trust services are regulated.
Accepted referencesLegal act
Evidence
https://www.legis.md/cautare/getResults?doc_id=131642&lang=ro
Law No.124 from 19.05.2022 regarding electronic identification and trusted services
https://www.legis.md/cautare/getResults?doc_id=132075&lang=ro#
Order SIS (Security and Intelligence Service) No.69 from 15.07.2016 (updated by Order SIS no. 40 of 29.06.22) regarding the approval of the Technical Norms in the field of advanced qualified electronic signature.
-
7.3. Electronic identification 111
Requirements
CriteriaElectronic identification is regulated.
Accepted referencesLegal act
Evidence
https://www.legis.md/cautare/getResults?doc_id=131642&lang=ro
Law No.124 from 19.05.2022 regarding electronic identification and trusted services, see Articles 1-2 and Chapter II (Electronic Identification and Trust Services).
http://lex.justice.md/index.php?action=view&view=doc&lang=1&id=350151
Government Decision No. 841 of 30.10.2013 (updated on 17.04.2018) regarding the implementation of the electronic identity card.
-
7.4. Electronic signature 111
Requirements
CriteriaE-signature is regulated
Accepted referencesLegal act
Evidence
https://www.legis.md/cautare/getResults?doc_id=131642&lang=ro
Law No.124 from 19.05.2022 regarding electronic identification and trusted services, see for example Articles 2, 10, 11, 13, 15 and Section 2 (Electronic signature and electronic seal)
-
7.5. Timestamping 111
Requirements
CriteriaTimestamping is regulated.
Accepted referencesLegal act
Evidence
https://www.legis.md/cautare/getResults?doc_id=131642&lang=ro
Section 3. "Electronic timestamps" from the Law No.124 from 19.05.2022 regarding electronic identification and trusted services.
-
7.6. Electronic registered delivery service 111
Requirements
CriteriaElectronic registered delivery service between state entities, citizens and private sector entities is regulated. The service provides legally binding data exchange and guarantees the confidentiality and integrity of information.
Accepted referencesLegal act
Evidence
https://www.egov.md/en/content/government-interoperability-platform
The Government e-services exchange data via the government interoperability platform “M-Connect”. Also, government institutions are connected to the Private Government Network managed by the Center of Special Telecommunications.
-
7.7. Competent supervisory authority 333
Requirements
CriteriaThere is an authority responsible for the supervision of qualified trust service providers.
Accepted referencesOfficial website or legal act
Evidence
https://www.legis.md/cautare/getResults?doc_id=131642&lang=ro
The Law No.124 from 19.05.2022 regarding electronic identification and trusted services.
Article 35 (1): "The supervisory and control body is the Intelligence and Security Service of the Republic of Moldova.”
-
-
8. Protection of personal data 4/4 100%44 100%
-
8.1. Personal data protection legislation 111
Requirements
CriteriaThere is a legal act for personal data protection.
Accepted referencesLegal act
Evidence
https://www.legis.md/cautare/getResults?doc_id=136439&lang=ro#
The Law No. 133 from 08.07.2011 regarding the protection of personal data (updated by LP No.60 from 17.03.2023)
https://datepersonale.md/en/legislation/national-legislation/law/
General normative framework regarding the protection of personal data.
-
8.2. Personal data protection authority 333
Requirements
CriteriaThere is an independent public supervisory authority that is responsible for personal data protection.
Accepted referencesOfficial website or legal act
Evidence
-
INCIDENT AND CRISIS MANAGEMENT INDICATORS
-
9. Cyber incidents response 3/6 50%36 50%
-
9.1. Cyber incidents response unit 333
Requirements
CriteriaThe government has a unit (CSIRT, CERT, CIRT, etc.) that is specialised in national-level cyber incident detection and response.
Accepted referencesOfficial website or legal act
Evidence
https://stisc.gov.md/ro/cert-gov-md
CERT-GOV-MD is the central point for reporting and coordinating security incidents in communication and IT systems, administered by STISC.
-
9.2. Reporting responsibility 001
Requirements
CriteriaDigital service providers and operators of essential services have an obligation to notify appointed government authorities of cyber security incidents.
Accepted referencesLegal act
Evidence
-
9.3. Single point of contact for international coordination 002
Requirements
CriteriaThe government has designated a single point of contact for international cyber security coordination.
Accepted referencesOfficial website or legal act
Evidence
-
-
10. Cyber crisis management 0/5 0%05 0%
-
10.1. Cyber crisis management plan 001
Requirements
CriteriaThe government has established a crisis management plan for large-scale cyber incidents.
Accepted referencesLegal act
Evidence
-
10.2. National-level cyber crisis management exercise 002
Requirements
CriteriaThe government has conducted a national-level cyber crisis management exercise or a crisis management exercise with a cyber component in the last 3 years.
Accepted referencesExercise document/website or press release
Evidence
-
10.3. Participation in international cyber crisis exercises 001
Requirements
CriteriaThe country's team has participated in an international cyber crisis management exercise in the last 3 years.
Accepted referencesExercise document/website or press release
Evidence
-
10.4. Operational support of volunteers in cyber crises 001
Requirements
CriteriaThe procedures for using volunteers in the field of cyber security are established by legislation.
Accepted referencesLegal act
Evidence
-
-
11. Fight against cybercrime 9/9 100%99 100%
-
11.1. Cybercrimes are criminalised 111
Requirements
CriteriaCybercrimes are defined by legislation.
Accepted referencesLegal act
Evidence
https://www.legis.md/cautare/getResults?doc_id=136501&lang=ro#
Criminal Code of the Republic of Moldova, Chapter XI "Computer crimes and crimes in the field of telecommunications".
-
11.2. Cybercrime unit 333
Requirements
CriteriaThere is a government entity with a specific function of combatting cybercrime.
Accepted referencesOfficial website or legal act
Evidence
The Center for Combating Cyber Crimes of the National Investigation Inspectorate (NII) of the General Inspectorate of Police (GIP), was founded on 5 March 2013, after the reform of the MIA, according to the Government Decision No 986 of 24 December 2012, and it is a subdivision, which performs investigative activity, especially combatting cybercrime, serious crimes, or crimes that have big social impact, with national or transboundary spreading, committed using information systems and modern technical means.
https://procuratura.md/index.php/en/despre-noi/structura.html
There is also a Information Technology and Cybercrime Division at the Office of the Prosecutor General.
-
11.3. Digital forensics unit 333
Requirements
CriteriaThere is a government entity with a specific function of digital forensics.
Accepted referencesOfficial website or legal act
Evidence
The Center for Combating Cyber Crimes (CCCI) of the National Investigation Inspectorate (NII) of the General Inspectorate of Police (GIP), was founded on 5 March 2013, after the reform of the MIA, according to the Government Decision No 986 of 24 December 2012, and it is a subdivision, which performs investigative activity, especially combatting cybercrime, serious crimes, or crimes that have big social impact, with national or transboundary spreading, committed using information systems and modern technical means.
http://ctcej.politia.md/ro/examin%C4%83ri
The Technical-forensic and Forensic Expertise Center (CTCEJ) conducts Examinations of IT.
-
11.4. 24/7 contact point for international cybercrime 222
Requirements
CriteriaThe government has designated an international 24/7 contact point for cybercrimes.
Accepted referencesOfficial website or legal act
Evidence
There are two official contact points in the Republic of Moldova: 1) Section for combating IT-crimes at the Office of the Prosecutor General 2) Center for combating cybercrime at the National Inspectorate for Investigations
-
-
12. Military cyber operations 1/6 17%16 17%
-
12.1. Cyber operations unit 003
Requirements
CriteriaMilitary forces have a unit (cyber command, etc.) that is specialised in planning and conducting cyber operations.
Accepted referencesOfficial website or legal act
Evidence
-
12.2. Cyber operations exercise 002
Requirements
CriteriaMilitary forces have conducted a cyber operations exercise or an exercise with a cyber operations component in the country in the last 3 years.
Accepted referencesExercise document/website or press release
Evidence
-
12.3. Participation in international cyber exercises 111
Requirements
CriteriaThe country's military team has participated in an international cyber operations exercise in the last 3 years.
Accepted referencesExercise document/website or press release
Evidence
https://www.army.md/index.php/duhovniceti/inf/12319398454?lng=3&action=show&cat=122&obj=7733
A National Army contingent participated in the Communications and computer science exercise "Citadel 2022", which takes place in Romania.
Locked Shields 2023
-
Information Disclaimer
The information provided on the NCSI website is based on publicly available evidence materials. The appearance in the index and subsequent ranking is commensurate to the existence and public availability of such information. The NCSI links to third party websites and information. The NCSI and eGA are not responsible for the accuracy or completeness of third party website information.
What can I do to improve my country's data in NCSI?
Become a data contributor Update a specific indicator with evidence data
CONTRIBUTORS
Independent Expert
e-Governance Agency Moldova
