2.1 Structure
| No: 381000091275 | Date(g): 24/5/2017 | Date(h): 28/8/1438 | Status: In-Force |
The Framework is structured around four main domains, namely:
- Cyber Security Leadership and Governance.
- Cyber Security Risk Management and Compliance.
- Cyber Security Operations and Technology.
- Third Party Cyber Security.
For each domain, several subdomains are defined. A subdomain focusses on a specific cyber security topic. Per subdomain, the Framework states a principle, objective and control considerations.
- A principle summarizes the main set of required cyber security controls related to the subdomain.
- The objective describes the purpose of the principle and what the set of required cyber security controls are expected to achieve.
- The control considerations reflects the mandated cyber security controls that should be considered.
Control considerations have been uniquely numbered throughout the Framework. Where applicable, a control consideration can consist of up to 4 levels.
The control considerations are numbered according to the following numbering system:
 |
Figure 1 - Control consideration numbering system |
| The figure below illustrates the overall structure of the Framework and indicates the cyber security domains and subdomains, including a reference to the applicable section of the Framework. |
 |
Figure 2 - Cyber Security Framework |