49. Panama 42.86

49th National Cyber Security Index
61st Global Cybersecurity Index
94th ICT Development Index
55th Networked Readiness Index
Population 3.8million
Area (km2) 75.4thousand
GDP per capita ($) 25.7thousand
NCSI FULFILMENT PERCENTAGE
NCSI Update Data source
16 Oct 2018 Public data collection
14 Jun 2018 Government officials
8 Mar 2018 Public data collection
NCSI DEVELOPMENT TIMELINE 2 years All data

Version 16 Oct 2018

GENERAL CYBER SECURITY INDICATORS
BASELINE CYBER SECURITY INDICATORS
  • 5. Protection of digital services 3/5 60%
    3
    5 60%
    • 5.1. Cyber security responsibility for digital service providers 0
      0
      1
      Requirements
      Criteria

      According to legislation, digital service providers (except micro and small enterprises): (1) must manage cyber/ICT risks or (2) must implement established cyber/information security requirements.

      Accepted references

      Legal act

      Evidence
    • 5.2. Cyber security standard for the public sector 0
      0
      1
      Requirements
      Criteria

      Public sector digital service providers must implement (1) cyber/ICT security requirements (defined by legislation) or (2) a widely recognised security standard.

      Accepted references

      Legal act

      Evidence
    • 5.3. Competent supervisory authority 3
      3
      3
      Requirements
      Criteria

      The government has a competent authority in the field of cyber/information security that has the power to supervise public and private digital service providers regarding the implementation of cyber/information security requirements.

      Accepted references

      Official website or legal act

  • 6. Protection of essential services 0/6 0%
    0
    6 0%
    • 6.1. Operators of essential services are identified 0
      0
      1
      Requirements
      Criteria

      There is a legal act that allows to identify operators of essential services.

      Accepted references

      Legal act

      Evidence
    • 6.2. Cyber security requirements for operators of essential services 0
      0
      1
      Requirements
      Criteria

      According to the legislation, operators of essential services must manage cyber/ICT risks.

      Accepted references

      Legal act

      Evidence
    • 6.3. Competent supervisory authority 0
      0
      3
      Requirements
      Criteria

      The government has a competent authority in the field of cyber/information security that has the power to supervise operators of essential services, regarding cyber/information security requirements.

      Accepted references

      Official website or legal act

      Evidence
    • 6.4. Regular monitoring of security measures 0
      0
      1
      Requirements
      Criteria

      Operators of essential services must regularly (at least once every 3 years) provide evidence of the effective implementation of cyber/information security policies (e.g. audit result, documentation, specific report).

      Accepted references

      Legal act

      Evidence
  • 7. E-identification and trust services 6/9 67%
    6
    9 67%
    • 7.1. Unique persistent identifier 1
      1
      1
      Requirements
      Criteria

      The government provides a unique persistent identifier to all citizens, residents, and legal entities. For example, the identifier remains the same after document expiration and name change.

      Accepted references

      Legal act

      Evidence

      For citizens and residents, it is the Identity Card Number. Its history is explained in the evidence link. 

      As presented, the Identity Card has been regulated by multiple legislative acts. 

      ---------------------------------- (Page 3 of the pdf) ----------------------------------

      Article 16: Any validly issued and registered Personal Identification Card is a document of permanent value, even if the carrier changes his address or residence.

      ----------------------------------------------------------------------------------------------
       

      Article 1: The personal identity card is an authentic document regarding the personal identity of its owner. Its original, or duly authenticated photocopy, is proof of the national or foreign status of its owner and of the other information included in said document.

      Article 2 states that the Identity card must be carried by citizens and legal foreigners older than 18 years old.

      Article 15: In the case of a lost, destroyed or damaged card, the interested party in obtaining a duplicate must comply with the same procedure used to obtain the original card. The card that is so cast will bear the same number that corresponds to the original, with the mention that it is a duplicate.

      Article 19: In any management, action, procedure or diligence that any citizen must perform before an official or public servant, or in a banking or commercial transaction in which it is necessary, said citizen must show his personal identity card, as a means of identification. If such management, action, procedure, diligence or transaction retains a written record, it should contain the numbers of the identification cards of the people who intervene in the document.

      Article 18: The number of the personal identity card must be incorporated into the passport, the driver's license and the Individual Taxpayer Registry used by the Ministry of Economy and Finance, as well as any other type of card issued by any other public institution.

      Article 19 mentions in which occasions the identity card is indispensable.


      For legal persons it is the Registro Único de Contribuyente (RUC)

      The Unique Taxpayer Registry (RUC in Spanish), is the tax identification number of each taxpayer, created by the General Directorate of Revenues, with the purpose of establishing greater fiscal equity and more effective control of tax compliance of individuals, communities, companies, associations, groups, or entities of any kind with or without legal personality that cause or must withhold taxes due to the activities they develop.

      For such purposes, it will be understood that said tax identification number will be:

      a. For natural persons, the same number of the Personal Identity Card.

      b. For legal persons, the registration number in the Public Registry, Commercial Persons section.

      Law 76 of December 22nd, 1976: By which some articles of the Fiscal Code are modified and other tax measures are adopted. Articles 7 - 10 (https://panama.eregulations.org/media/inscripci%C3%B3n%20ruc.doc_1.pdf)

    • 7.2. Requirements for cryptosystems 0
      0
      1
      Requirements
      Criteria

      Requirements for cryptosystems in the field of trust services are regulated.

      Accepted references

      Legal act

      Evidence
    • 7.3. Electronic identification 0
      0
      1
      Requirements
      Criteria

      Electronic identification is regulated.

      Accepted references

      Legal act

      Evidence
    • 7.4. Electronic signature 1
      1
      1
      Requirements
      Criteria

      E-signature is regulated

      Accepted references

      Legal act

      Evidence

      Law 51 of July 22nd, 2008: Which defines and regulates electronic documents and electronic signatures, and the provision of services of technological storage of documents and of certification of electronic signatures, and adopts other provisions for the development of electronic commerce


      Law 82 of November 9th, 2012: Which grants to the Public Registry of Panama the powers of registration authority and electronic signature root certifier for the Republic of Panama, modifies the Law 51 of 2008 and adopts other provisions.


      Executive Decree 684 of October 18th, 2013: Which regulates Law 51 of July 22nd, 2008 and Law 82 of November 9th, 2012, regarding the electronic signature. [P. 22 - 36 of the web link 3 PDF]

    • 7.5. Timestamping 1
      1
      1
      Requirements
      Criteria

      Timestamping is regulated.

      Accepted references

      Legal act

      Evidence

      ---------------- For Your Information ----------------
      Law 82 of November 9th, 2012: Which grants to the Public Registry of Panama the powers of registration authority and electronic signature root certifier for the Republic of Panama, modifies the Law 51 of 2008 and adopts other provisions.

      • Article 2 establishes that one of the functions of the Public Registry of Panamá is to offer the service of Time Stamping.
      • Article 7, modifies Article 2 of Law 51 by adding Subpoint 46 which defines Time Stamping and presents possibles synonyms (i.e. sellado de tiempo, fechado electrónico).
         

      Executive Decree 684 of October 18th, 2013: Which regulates Law 51 of July 22nd, 2008 and Law 82 of November 9th, 2012, regarding the electronic signature. [P. 22 - 36 of the PDF]

      • Article 2, Subpoint 17 defines Time Stamping and presents its possible synonyms (i.e. sellado de tiempo, fechado electrónico, marca de hora).
      • Article 3, Subpoint 4 establishes that the Public Registry of Panamá is authorized to offer the service of Time Stamping, among other.
    • 7.6. Electronic registered delivery service 0
      0
      1
      Requirements
      Criteria

      Electronic registered delivery service between state entities, citizens and private sector entities is regulated. The service provides legally binding data exchange and guarantees the confidentiality and integrity of information.

      Accepted references

      Legal act

      Evidence
    • 7.7. Competent supervisory authority 3
      3
      3
      Requirements
      Criteria

      There is an authority responsible for the supervision of qualified trust service providers.

      Accepted references

      Official website or legal act

      Evidence

      Law No. 82 of November 9, 2012, which grants the Public Registry of Panama powers of registration authority and electronic signature root certifier for the Republic of Panama, modifies Law 51 of 2008 and adopts other provisions.

  • 8. Protection of personal data 0/4 0%
    0
    4 0%
INCIDENT AND CRISIS MANAGEMENT INDICATORS