1. POLICY ON THE SECURITY OF NETWORK AND INFORMATION SYSTEMS
2. RISK MANAGEMENT POLICY
3. INCIDENT HANDLING
4. BUSINESS CONTINUITY AND CRISIS MANAGEMENT
5. SUPPLY CHAIN SECURITY
6. SECURITY IN NETWORK AND INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT AND MAINTENANCE
7. POLICIES AND PROCEDURES TO ASSESS THE EFFECTIVENESS OF CYBERSECURITY RISK-MANAGEMENT MEASURES
8. BASIC CYBER HYGIENE PRACTICES AND SECURITY TRAINING
9. CRYPTOGRAPHY
10. HUMAN RESOURCES SECURITY
11. ACCESS CONTROL
12. ASSET MANAGEMENT
13. ENVIRONMENTAL AND PHYSICAL SECURITY