NCSI FULFILMENT PERCENTAGE
Version 29 Feb 2024 Choose a version
STRATEGIC CYBERSECURITY INDICATORS
-
1. CYBERSECURITY POLICY 15/15 100%1515 100%
-
1.1. High-level cybersecurity leadership 333
Requirements
CriteriaThe country has appointed governmental leadership responsible for cybersecurity at the national level.
Accepted referencesLegal act, national strategy, official statutes or terms of reference, or official website
Evidence
Evidence presented in a foreign language
http://archiwum.mc.gov.pl/departamenty/departament-cyberbezpieczenstwa
Department of Cybersecurity in Ministry of Digital affairs: Department of cybersecurity
-
1.2. Cybersecurity policy development 333
Requirements
CriteriaThere is a competent entity in the central government to whom responsibility is assigned for national cybersecurity strategy and policy development.
Accepted referencesLegal act, official statute or terms of reference, or official website
Evidence
Evidence presented in a foreign language
http://www.dziennikustaw.gov.pl/D2019000094501.pdf
In accordance with the art. 12a and art. 19 item 1a of the Act of 4 September 1997 on division of government administration (ammended by the Act of 5 July 2018 on national cybersecurity system) cybersecurity in Poland is divaded into civilian and military spheres. For a mililtary sphere responsible is Minister of National Defence (art. 19 item 1a) and for a civilian sphere, minister competent for digitalization (currently Minister of Digital Affairs) - art. 12a.
Moreover, a Government Plenipotentiary for Cybersecurity was appointed by the Prime Minister, link above. The new Plenipotentiary is also, at the same time, the Minister of Digital Affairs.The new Plenipotentiary is also, at the same time, the Minister of Digital Affairs. The Plenipotentiary is responsible for coordination of cybersecurity policy of the Council of Ministers of Poland.
Evidence presented in a foreign language
https://www.dziennikustaw.gov.pl/M2020000008701.pdf
Cybersecurity Department at the Ministry of Digital Affairs is in place. Department provides merit, organizational and legal input for the Minister of Digital Affairs in the field of cybersecurity.
Evidence presented in a foreign language
Decision of the Minister of National Defence on establishing National Cybersecurity Center - for conducting cybersecurity activities within the military sphere - within NCSC operates CSIRT MON, one of the CSIRTs at national level. Moreover, a Plenipotentiary of the Minister of National Defence for Cybersecurity was appointed.
-
1.3. Cybersecurity policy coordination 333
Requirements
CriteriaThe country has a regular official format for cybersecurity policy coordination at the national level.
Accepted referencesLegal act, official statute or terms of reference, or official website
Evidence
Evidence presented in a foreign language
https://www.dziennikustaw.gov.pl/D2018000156001.pdf
ACT of July 5, 2018 on the national cybersecurity system, (USTAWA z dnia 5 lipca 2018 r.o krajowym systemie cyberbezpieczeństwa), Chapter 12, art.60-67.
National cybersecurity policy coordination is achieved through the role of Government Plenipotentiary for Cybersecurity and the Advisory Committee for Cyber Security. -
1.4. National cybersecurity strategy 333
Requirements
CriteriaThe central government has established a national-level cybersecurity strategy defining strategic cybersecurity objectives and measures to improve cybersecurity across society.
Accepted referencesValid official document
Evidence
https://www.gov.pl/attachment/6a4aafc6-e339-4cd5-a8e6-cd47257f02d8
Cybersecurity Strategy of the Republic of Poland 2019-2024
Evidence presented in a foreign language
https://www.dziennikustaw.gov.pl/M2019000103701.pdf
Corresponding legal act (Resolution NO 125 of the Council of Ministers of October 22, 2019)
-
1.5. National cybersecurity strategy action plan 333
Requirements
CriteriaThe central government has established an action plan to implement the national cybersecurity strategy.
Accepted referencesCurrent official document, legal act, or official statement
Evidence
Evidence presented in a foreign language
https://www.gov.pl/web/cyfryzacja/krajowy-system-cyberbezpieczenstwa-
“Within half a year of adopting the document, the Minister of Digitization, in cooperation with members of the Council of Ministers, heads of central offices, and the Director of the Government Security Center, will develop and present an Action Plan for the implementation of the Cybersecurity Strategy. The Action Plan will specify specific activities for government administration bodies, along with a schedule for their implementation and metrics enabling the assessment of the implementation status of individual activities.“
-
-
2. GLOBAL CYBERSECURITY CONTRIBUTION 4/6 67%46 67%
-
2.1. Cyber diplomacy engagements 333
Requirements
CriteriaThe government contributes to international or regional cooperation formats dedicated to cybersecurity and cyber stability. (The indicator is limited to strategic-level cooperation; operational-level incident response cooperation and cross-border law enforcement cooperation are addressed separately under other indicators.)
Accepted referencesOfficial website of the organisation or cooperation format, official statement or contribution
Evidence
OSCE
- OSCE – Permanent Council Decision No. 1106, Initial set of OSCE Confidence–Building Measures to reduce the risks of conflict stemming from the use of information and communication technologies
- Permanent Council Decision No. 1202 – OSCE confidence-building measures to reduce the risks of conflict stemming from the use of information and communication technologies.
Background information:
- CCDCOE – Organization for Security and Co-operation in Europe
- OSCE – OSCE participating States, in landmark decision, agree to expand list of measures to reduce risk of tensions arising from cyber activities
- OSCE participating states
Evidence presented in a foreign language
https://www.gov.pl/web/cyfryzacja/wspolpraca-miedzynarodowa1
The Ministry of Digital Affairs (now the Chancellery of the Prime Minister) conducts international cooperation under the following forms of cooperation:
- Horizontal Working Group on Cybersecurity (HWP CI) Cooperation Group established by the European Commission Executive
- The CSIRT network
- European Organization for Cybersecurity (ECSO)
- Central European Cybersecurity Platform (CECSP)
-
2.2. Commitment to international law in cyberspace 111
Requirements
CriteriaThe country has an official position on the application of international law, including human rights, in the context of cyber operations.
Accepted referencesOfficial document or statement, international indexes
Evidence
https://www.gov.pl/attachment/3203b18b-a83f-4b92-8da2-fa0e3b449131
The Republic of Poland’s position on the application of international law in cyberspace (downloadable document)
-
2.3. Contribution to international capacity building in cybersecurity 002
Requirements
CriteriaThe country has led or supported cybersecurity capacity building for another country in the past three years.
Accepted referencesOfficial website or project document
Evidence
-
-
3. EDUCATION AND PROFESSIONAL DEVELOPMENT 10/10 100%1010 100%
-
3.1. Cyber safety competencies in primary education 222
Requirements
CriteriaPrimary education curricula in the public education system include cyber safety (online safety, computer safety) competencies.
Accepted referencesOfficial curriculum or official report
Evidence
Structural indicators for monitoring education and training systems in Europe 2022, Eurydice background report, link above:
- See Figure 1: Compulsory starting grade and curriculum approaches to teaching digital competence, 2021/2022 (p.28); Poland has it for has it for primary education (ISCED level 1, compulsory separate subject & cross-curricular) and lower secondary education (ISCED level 24, compulsory separate subject).
- See Figure 2: Learning outcomes related to selected digital competences defined in the DigComp framework, 2021/2022 (p.30); Poland has it for Information and Data Literacy (ISCED level 1 & ISCED level 24), Communication and Collaboration (ISCED level 1 & ISCED level 24), Digital Content Creation (ISCED level 1 & ISCED level 24), Safety (ISCED level 1 & ISCED level 24) and Creatively using digital technologies (ISCED level 1 & ISCED level 24).
https://op.europa.eu/en/publication-detail/-/publication/c2fcfd3c-438e-11ed-92ed-01aa75ed71a1
Informatics education at school in Europe, Eurydice report (2022), link above, p. 53, Safety and security, Area 10: Safety and security, Poland (country code “PL”) has it for all levels, i.e., primary & secondary education.
-
3.2. Cyber safety competencies in secondary education 222
Requirements
CriteriaSecondary education curricula in the public education system include cyber safety (online safety, computer safety) competencies.
Accepted referencesOfficial curriculum or official report
Evidence
Structural indicators for monitoring education and training systems in Europe 2022, Eurydice background report, link above.
- See Figure 1: Compulsory starting grade and curriculum approaches to teaching digital competence, 2021/2022 (p.28); Poland has it for has it for primary education (ISCED level 1, compulsory separate subject & cross-curricular) and lower secondary education (ISCED level 24, compulsory separate subject).
- See Figure 2: Learning outcomes related to selected digital competences defined in the DigComp framework, 2021/2022 (p.30); Poland has it for Information and Data Literacy (ISCED level 1 & ISCED level 24), Communication and Collaboration (ISCED level 1 & ISCED level 24), Digital Content Creation (ISCED level 1 & ISCED level 24), Safety (ISCED level 1 & ISCED level 24) and Creatively using digital technologies (ISCED level 1 & ISCED level 24).
https://op.europa.eu/en/publication-detail/-/publication/c2fcfd3c-438e-11ed-92ed-01aa75ed71a1
Informatics education at school in Europe, Eurydice report (2022), link above, p. 53, Safety and security, Area 10: Safety and security, Poland (country code “PL”) has it for all levels, i.e., primary & secondary education.
-
3.3. Undergraduate cybersecurity education 222
Requirements
CriteriaAt least one undergraduate education programme is available in the country to train students in cybersecurity.
Accepted referencesAccredited study programme
Evidence
Evidence presented in a foreign language
- University of Economics and Human Sciences in Warsaw
- Coventry University Wrocław
- AGH University of Science and Technology
See also CYBERHEAD – Cybersecurity Higher Education Database
-
3.4. Graduate cybersecurity education 333
Requirements
CriteriaAt least one cybersecurity education programme is available in the country at the graduate level.
Accepted referencesAccredited study programme
Evidence
Evidence presented in a foreign language
See also CYBERHEAD – Cybersecurity Higher Education Database
-
3.5. Association of cybersecurity professionals 111
Requirements
CriteriaA professional association of cybersecurity specialists, managers, or auditors exists in the country.
Accepted referencesOfficial website
Evidence
https://engage.isaca.org/warsawchapter/home
ISACA Warsaw Chapter
-
-
4. CYBERSECURITY RESEARCH AND DEVELOPMENT 2/4 50%24 50%
-
4.1. Cybersecurity research and development programmes 222
Requirements
CriteriaA cybersecurity research and development (R&D) programme or institute exists and is recognised and/or supported by the government.
Accepted referencesOfficial programme or official website
Evidence
Evidence presented in a foreign language
https://www.nask.pl/pl/o-nas/kim-jestesmy/3261,O-NASK.html
NASK is a state research institute supervised by the Ministry of Digitization.
NASK-PIB operates at the intersection of the worlds of science and business. With analytical and research and development facilities, it has the opportunity to conduct its own research, analyze the use of new technologies and implement these solutions. The aim of research and development work related to cybersecurity is to develop new, effective methods and techniques for identifying, analyzing and responding to threats to the security of networks and ICT systems, as well as their practical use to create innovative NASK products, including those enabling detection and counteracting threats.
-
4.2. Cybersecurity doctoral studies 002
Requirements
CriteriaAn officially recognised PhD programme exists accommodating research in cybersecurity.
Accepted referencesOfficial programme or official website
Evidence
-
PREVENTIVE CYBERSECURITY INDICATORS
-
5. CYBERSECURITY OF CRITICAL INFORMATION INFRASTRUCTURE 12/12 100%1212 100%
-
5.1. Identification of critical information infrastructure 333
Requirements
CriteriaThere is a framework or a mechanism to identify operators of critical information infrastructure.
Accepted referencesLegal or administrative act
Evidence
Evidence presented in a foreign language
https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU20180001560
ACT of July 5, 2018 on the national cybersecurity system (USTAWA z dnia 5 lipca 2018 r. o krajowym systemie cyberbezpieczeństwa), Part 2 Art 5-7.
-
5.2. Cybersecurity requirements for operators of critical information infrastructure 333
Requirements
CriteriaOperators of critical (information) infrastructure are required to assess and manage cyber risks and/or implement cybersecurity measures.
Accepted referencesLegal act, or mandatory cybersecurity framework or standard
Evidence
Evidence presented in a foreign language
https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU20180001560
ACT of July 5, 2018 on the national cybersecurity system (USTAWA z dnia 5 lipca 2018 r. o krajowym systemie cyberbezpieczeństwa), Part 3 Art 8-16.
-
5.3. Cybersecurity requirements for public sector organisations 333
Requirements
CriteriaPublic sector organisations are required to assess and manage cyber risks and/or implement cybersecurity measures.
Accepted referencesLegal or administrative act, mandatory cybersecurity framework or standard
Evidence
Evidence presented in a foreign language
https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU20180001560
ACT of July 5, 2018 on the national cybersecurity system (USTAWA z dnia 5 lipca 2018 r. o krajowym systemie cyberbezpieczeństwa), Part 5 Art 21-25.
-
5.4. Competent supervisory authority 333
Requirements
CriteriaA competent authority has been designated and allocated powers to supervise the implementation of cyber/information security measures.
Accepted referencesLegal act or official website
Evidence
Evidence presented in a foreign language
https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU20180001560
Ministry of Digital Affairs & authorities competent in the field of cybersecurity, see ACT of July 5, 2018 on the national cybersecurity system (USTAWA z dnia 5 lipca 2018 r. o krajowym systemie cyberbezpieczeństwa), Part 11 Art 53.
-
-
6. CYBERSECURITY OF DIGITAL ENABLERS 10/12 83%1012 83%
-
6.1. Secure electronic identification 222
Requirements
CriteriaA national electronic identification solution exists that allows for officially recognised and secure electronic identification of natural and/or legal persons.
Accepted referencesLegal act, nationally recognised identification scheme, or official website
Evidence
Evidence presented in a foreign language
https://www.gov.pl/web/profilzaufany
Profil zaufany
Evidence presented in a foreign language
https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU20160001579
Act of September 5, 2016 on Trust Services and Electronic Identification
Evidence presented in a foreign language
https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU20200001194
Regulation of the Minister of Digitalisation of June 29, 2020, on the Trusted Profile and Trusted Signature
-
6.2. Electronic signature 222
Requirements
CriteriaA nationally recognised and publicly available solution exists to issue secure and legally binding electronic signatures.
Accepted referencesLegal act or official website
Evidence
Evidence presented in a foreign language
https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=wdu20160001579
Act of September 5, 2016 on Trust Services and Electronic Identification. See for example Articles 10, 14, 15, 16, 17, 18, 20, 21
Evidence presented in a foreign language
https://www.biznes.gov.pl/pl/portal/0075
Overview of qualified signature
-
6.3. Trust services 222
Requirements
CriteriaTrust services (e.g. digital certificates, timestamps, private key management service) are regulated, at least for use in the public sector.
Accepted referencesLegal act or official website
Evidence
Evidence presented in a foreign language
https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU20160001579
Act of 5 September 2016 on trust services and electronic identification (Transposition of eIDAS)
Evidence presented in a foreign language
https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU20180001544
Act of July 5, 2018 amending the Act on trust services and the legal basis and other acts (Ustawa z dnia 5 lipca 2018 r. o zmianie ustawy o usługach zaufania oraz identyfikacji elektronicznej oraz niektórych innych ustaw)
-
6.4. Supervisory authority for trust services 222
Requirements
CriteriaAn independent authority has been designated and given the power to supervise trust services and trust service providers.
Accepted referencesLegal act or official website
Evidence
Evidence presented in a foreign language
https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU20160001579
Article 27 of the Act of 5 September 2016 on trust services and electronic identification. The competent supervisory authority is the Ministry of Digital Affairs
https://eidas.ec.europa.eu/efda/browse/notification/supervisory-bodies
-
6.5. Cybersecurity requirements for cloud services 222
Requirements
CriteriaRequirements are established for the secure use of cloud services in government and/or public sector organisations.
Accepted referencesLegal or administrative act, cybersecurity framework or standard
Evidence
Evidence presented in a foreign language
https://chmura.gov.pl/zuch/static/media/SCCO_v_1.00.pdf
SCCO – Cybersecurity Standards for Cloud Computing (2020)
-
6.6. Supply chain cybersecurity 002
Requirements
CriteriaRequirements are established to identify and manage cybersecurity risks through the ICT supply chain.
Accepted referencesLegal act or official website
Evidence
-
-
7. CYBER THREAT ANALYSIS AND AWARENESS RAISING 12/12 100%1212 100%
-
7.1. Cyber threat analysis 333
Requirements
CriteriaA government entity has been assigned the responsibility for national-level cybersecurity and/or cyber threat assessments.
Accepted referencesLegal act, statute, or official website
Evidence
Evidence presented in a foreign language
https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU20180001560
Act of 5 July 2018 on the National Cybersecurity System, see Article 26
Evidence presented in a foreign language
-
7.2. Public cyber threat reports 333
Requirements
CriteriaPublic cyber threat reports and notifications are issued at least once a year.
Accepted referencesOfficial website, official social media channel, or public report
Evidence
Evidence presented in a foreign language
Annual Reports of CERT Polska/ CSIRT NASK
Evidence presented in a foreign language
https://csirt.gov.pl/cer/publikacje/raporty-o-stanie-bezpi
Annual reports of CSIRT GOV
-
7.3. Public cybersecurity awareness resources 333
Requirements
CriteriaPublic authorities provide publicly available cybersecurity advisories, tools, and resources for users, organisations, and ICT and cybersecurity professionals.
Accepted referencesOfficial website, public advisories
Evidence
Evidence presented in a foreign language
- Official portal of the government of Poland – dedicated cybersecurity database - main aim: enhancing public cyber awarness (best practices, recommendations etc.)
- Ministry of Digital Affairs – cybersecurity
- CSIRT GOV
- CSIRT GOV Publications
- National Cyber security Centre (Narodowe Centrum Bezpieczeństwa Cyberprzestrzeni)
- CSIRT NASK
-
7.4. Cybersecurity awareness raising coordination 333
Requirements
CriteriaThere is an entity with the clearly assigned responsibility to lead and/or coordinate national cybersecurity awareness activities.
Accepted referencesLegal act, official document, or official website
Evidence
Evidence presented in a foreign language
https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU20180001560
ACT of July 5, 2018 on the national cybersecurity system (USTAWA z dnia 5 lipca 2018 r. o krajowym systemie cyberbezpieczeństwa), see Part 9 Art 45(4)
-
-
8. PROTECTION OF PERSONAL DATA 4/4 100%44 100%
-
8.1. Personal data protection legislation 222
Requirements
CriteriaThere is a legal act for personal data protection that is applicable to the protection of data online or in digital form.
Accepted referencesLegal act
Evidence
Evidence presented in a foreign language
https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU20180001000
Personal Data Protection Act of 10 May 2018 (Ustawa z dnia 10 maja 2018 r. o ochronie danych osobowych)
Evidence presented in a foreign language
https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU20190000730
Act of 21 February 2019 amending the Act in connection with ensuring the application of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of legal persons with regard to the use of personal data and on freedom of access to such data and the use of services 95/46/EC (General Data Protection Regulation)
-
8.2. Personal data protection authority 222
Requirements
CriteriaAn independent public supervisory authority has been designated and allocated powers to supervise personal data protection.
Accepted referencesLegal act or official website
Evidence
Evidence presented in a foreign language
The President of UODO is the central public administration body for the protection of personal data in Poland.
-
RESPONSIVE CYBERSECURITY INDICATORS
-
9. CYBER INCIDENT RESPONSE 14/14 100%1414 100%
-
9.1. National incident response capacity 333
Requirements
CriteriaThere is a CERT designated with nationwide responsibilities for cyber incident detection and response.
Accepted referencesLegal act or official website
Evidence
Evidence presented in a foreign language
https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU20180001560
Act of 5 July 2018 on the National Cybersecurity System (USTAWA z dnia 5 lipca 2018 r. o krajowym systemie cyberbezpieczeństwa), Articles 2, 4, 26
- CSIRT GOV – Security Incident Response Team Computer Center operating at the national level, run by the Chief Internal Security Agency
- CSIRT MON – Security Incident Response Team Computer operating at the national level, run by Minister of National Defense
- CSIRT NASK (CERT) – Security Incident Response Team Computer operating at the national level, run by Scientific and Academic Computer Network – National Research Institute
-
9.2. Incident reporting obligations 333
Requirements
CriteriaOperators of critical information infrastructure and/or government institutions are obliged to notify the designated competent authorities about cyber incidents.
Accepted referencesLegal act or official website
Evidence
Evidence presented in a foreign language
https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU20180001560
Act of 5 July 2018 on the National Cybersecurity System (USTAWA z dnia 5 lipca 2018 r. o krajowym systemie cyberbezpieczeństwa), Chapter 3 Art. 11
-
9.3. Cyber incident reporting tool 222
Requirements
CriteriaA publicly available official resource is provided for notifying competent authorities about cyber incidents.
Accepted referencesOfficial website
Evidence
Evidence presented in a foreign language
-
9.4. Single point of contact for international cooperation 333
Requirements
CriteriaThe government has designated a single point of contact for international cybersecurity cooperation.
Accepted referencesLegal act or official website
Evidence
Evidence presented in a foreign language
https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU20180001560
Act of 5 July 2018 on the National Cybersecurity System (USTAWA z dnia 5 lipca 2018 r. o krajowym systemie cyberbezpieczeństwa), Part 9 Art. 48-50
Single point of contact
Ministry of Digital Affairs, Department of cybersecurity
Address: Królewska Str. 27, 00-060 Warsaw
E-mail: ppk_ksc@mc.gov.pl
Phone: +48 22 245 59 22
-
9.5. Participation in international incident response cooperation 333
Requirements
CriteriaThe national cyber incident response team (CSIRT/CERT/CIRT) participates in international or regional cyber incident response formats.
Accepted referencesOfficial website or official document
Evidence
https://csirtsnetwork.eu/#network_members
https://www.trusted-introducer.org/directory/teams.html#url=q%3DPoland
TF-CSIRT Trusted Introducer
https://www.first.org/members/teams/#poland
FIRST – NASK
-
-
10. CYBER CRISIS MANAGEMENT 6/9 67%69 67%
-
10.1. Cyber crisis management plan 222
Requirements
CriteriaThe government has established a crisis management plan for large-scale cyber incidents.
Accepted referencesLegal act or official website
Evidence
Evidence presented in a foreign language
https://www.gov.pl/web/rcb/krajowy-plan-zarzadzania-kryzysowego
The National Crisis Management Plan (KPZK) is a planning document prepared by the Government Security Center in cooperation with ministries, central offices and provinces, based on the Crisis Management Act.
-
10.2. National cyber crisis management exercises 003
Requirements
CriteriaRegular interagency cyber crisis management exercises or crisis management exercises with a cyber component are arranged at the national level at least every other year.
Accepted referencesExercise document, official website, or press release
Evidence
-
10.3. Participation in international cyber crisis exercises 222
Requirements
CriteriaThe country participates in an international cyber crisis management exercise at least every other year.
Accepted referencesExercise document/website or press release
-
10.4. Operational crisis reserve 222
Requirements
CriteriaA mechanism for engaging reserve support has been established to reinforce government bodies in managing cyber crises.
Accepted referencesLegal act or official website
Evidence
Evidence presented in a foreign language
https://terytorialsi.wp.mil.pl/cyberkomponent
The Cyberspace Action Team (Zespoł Działan Cyberprzestrzennych - ZDC) is a part of the Cyber Defence Forces (Wojsk Obrony Cyberstrzestrzeni - WOC).
-
-
11. FIGHT AGAINST CYBERCRIME 16/16 100%1616 100%
-
11.1. Cybercrime offences in national law 333
Requirements
CriteriaCybercrime offences are defined in national legislation.
Accepted referencesLegal act
Evidence
Evidence presented in a foreign language
https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU19970880553/U/D19970553Lj.pdf
Penal Code
- Art. 190a § 2 - impersonation of another person, false profiles,
- Art. 267 § 1 of the Penal Code - unauthorized obtaining of information (hacking),
- Art. 267 § 2 of the Penal Code - eavesdropping of computers (sniffing),
- Art. 268 § 2 of the Penal Code - thwarting obtaining information,
- Art. 268a of the Penal Code - thwarting access to IT data,
- Article 269 § 1 and 2 of the Penal Code - computer sabotage,
- Art. 269a of the Penal Code - dissemination of malicious programs and cracking,
- Art. 269b of the Penal Code - so-called "Hacker tools",
- Art. 286 of the Penal Code - fraud committed via the Internet,
- Art. 287 of the Penal Code - computer fraud.
-
11.2. Procedural law provisions 333
Requirements
CriteriaLegislation defines the powers and procedures for cybercrime investigations and proceedings and for the collection of electronic evidence.
Accepted referencesLegal act
Evidence
Evidence presented in a foreign language
https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=wdu19970890555
Code of Criminal Procedure
https://www.coe.int/en/web/octopus/-/poland
For additional information see CoE’s country page on Poland → Procedural Law
Evidence presented in a foreign language
Legal and technical aspects of identifying a cybercriminal
-
11.3. Ratification of or accession to the Convention on Cybercrime 222
Requirements
CriteriaThe country has ratified or acceded to the Council of Europe (CoE) Convention on Cybercrime.
Accepted referencesLegal act on Convention ratification or accession, website of the CoE Treaty Office
Evidence
https://www.coe.int/en/web/conventions/full-list?module=signatures-by-treaty&treatynum=185
Entry into force: 01/06/2015
-
11.4. Cybercrime investigation capacity 333
Requirements
CriteriaLaw enforcement has a specialised function and capacity to prevent and investigate cybercrime offences.
Accepted referencesLegal act or official website
Evidence
Evidence presented in a foreign language
Central Office For Combating Cybercrime
-
11.5. Digital forensics capacity 222
Requirements
CriteriaLaw enforcement has a specialised function and capacity for digital forensics.
Accepted referencesLegal act, statute, official document, or official website
Evidence
Evidence presented in a foreign language
Central Forensic Laboratory of the Police
Evidence presented in a foreign language
https://clkp.policja.pl/clk/clkp/struktura/162760,Struktura-organizacyjna-CLKP.html
Organisational Structure of CLPK
-
11.6. 24/7 contact point for international cybercrime 333
Requirements
CriteriaThe government has designated an international 24/7 point of contact for assistance on cybercrime and electronic evidence.
Accepted referencesOfficial website, legal act or statute
Evidence
https://rm.coe.int/cyber-list-of-competent-authorities-july-2023/1680ac0d0f
Cybercrime Division, Cybercrime Bureau, National Police Headquarters
-
-
12. MILITARY CYBER DEFENCE 6/6 100%66 100%
-
12.1. Military cyber defence capacity 222
Requirements
CriteriaArmed forces have designated units responsible for the cybersecurity of military operations and/or for cyber operations.
Accepted referencesLegal act, statute, other official document or official website
Evidence
Evidence presented in a foreign language
https://www.cyber.mil.pl/co-robimy/
CYBER.MIL.PL
Evidence presented in a foreign language
https://www.wojsko-polskie.pl/woc/publikacje1/
Evidence presented in a foreign language
https://www.gov.pl/web/obrona-narodowa/wojska-obrony-cyberprzestrzeni
Cyber Defence Forces
-
12.2. Military cyber doctrine 222
Requirements
CriteriaThe tasks, principles, and oversight of armed forces for military cyber operations are established by official doctrine or legislation.
Accepted referencesLegal act, official doctrine, or official website
Evidence
Decision No. 63156 of the Minister of National Defense of June 16, 2020 regarding the introduction into use of the doctrinal document Operations in cyberspace - DD-3.20
-
12.3. Military cyber defence exercises 222
Requirements
CriteriaArmed forces have conducted or participated in a cyber defence exercise or an exercise with a cyber defence component in the past three years.
Accepted referencesOfficial website or official document
Evidence
Evidence presented in a foreign language
Locked Shields 2023. More information can also be seen here.
-
Information Disclaimer
The information provided on the NCSI website is based on publicly available evidence materials. The appearance in the index and subsequent ranking is commensurate to the existence and public availability of such information. The NCSI links to third party websites and information. The NCSI and eGA are not responsible for the accuracy or completeness of third party website information.
What can I do to improve my country's data in NCSI?
Become a data contributor Update a specific indicator with evidence data
CONTRIBUTORS
Independent Country Contributor