Information Security Reference

The National Information Security Repository (NISR) aims to establish governance and a common approach to information security within companies and organizations. The NISR defines the minimum security requirements needed to manage, resist, and reduce the impact of potential threats.

The repository presents security controls and best practices to be adopted by public organizations, with a particular focus on training and awareness for users about the associated risks, as well as the periodic assessment of controls to ensure continued satisfaction of security requirements and compliance with regulatory obligations.

The NISR 2020 consists of twenty (20) domains:

  • Asset Management
  • Personal Data Protection
  • Access Management and Control
  • Mobile Device Security
  • Network Security
  • Information System Security
  • Operations-Related Security
  • Critical Information System Security
  • Cloud Service Security
  • Cryptography
  • Physical Security
  • Internet of Things (IoT) Security
  • Monitoring and Logging
  • Security Incident Management
  • Business Continuity Management
  • Human Resources
  • Social Media Network Security
  • Security Integration during Software Development Lifecycle
  • Security Requirements for Information Technology (IT) Projects
  • Third-Party Relationships

As a reminder, the first version of the National Information Security Repository was launched in 2016 and included seven (07) axes:

  • Asset Management;
  • End-User Security;
  • Network Security;
  • System Security;
  • Physical Security;
  • System Control;
  • Risk Management and Incident Recovery.
Download the information security reference guide