---

National Cybersecurity Framework 

The National Cybersecurity Framework for (QNRCS) allows organisations to reduce the risk associated with cyber threats, providing the basis for any entity to meet the minimum security requirements of networks and information systems.

The document in question reflects the Portuguese organisational reality, responding to the need to implement Identification, Protection, Detection, Response and Recovery measures against threats that jeopardise the security of cyberspace.

The QNRCS presents a set of recommendations so that organisations can define a strategy that involves their entire structure. Entities can join on a voluntary basis and benefit from a homogeneous approach that promotes a national response to cyber threats.

To access the document Click here To access the english version Click here

---

Cybersecurity Capabilities Assessment Framework

Aimed at organisations to support their cybersecurity capacity building, the Cybersecurity Capabilities Assessment Framework is a complementary product to the National Cybersecurity Framework  (QNRCS), following the CNCS strategy, as regards the availability of benchmarks and support tools.

The document in question presents, for each of the cybersecurity measures included in the QNRCS, the definition of three levels of capability (Initial, Intermediate and Advanced), so that organisations can meet the five cybersecurity objectives - identify, protect, detect, respond and recover, taking into account their context and size.

It should be remembered that the levels of capability applicable to each organisation depend on its specific characteristics and the document presented is flexible enough for application in different contexts. As an example, for an organisation with only 5 employees, it may not be necessary to define a security policy fully aligned with market standards or even have a formal documented procedure for recruiting staff.

---

Summary Table (Excel)

All the measures described in the National Cybersecurity Framework are available in the summary table.

The document is organised in an accessible way and divided by the five objectives: identify, protect, detect, respond and recover; which allows a more simplified visualisation.

---

CiberCheckUp

CiberCheckUp is an instrument that allows assessing the state of an organisation in terms of cybersecurity, considering the National Cybersecurity Framework and the Evaluation Framework of Minimum Capacities in Cybersecurity. It is a complementary product to the National Cybersecurity Framework, responding to the strategy of the National Centre for Cybersecurity, as regards the availability of benchmarks and support tools. To access the online tool Click here