Armenia moved on Thursday to introduce a framework of internationally applicable cybersecurity standards, setting requirements for critical information infrastructure operators, cybersecurity service providers, and auditors.

The bill on establishing a list of internationally applicable cybersecurity standards was approved at a Cabinet meeting.

First Deputy Minister of High-Tech Industry of Armenia, Gevorg Mantashyan, briefed Cabinet members on the regulations.

He said that the Cybersecurity Law adopted by parliament last year was a key achievement and an important step toward strengthening digital security and cybersecurity.

He said several by-laws are now required.

“With this decision, we are defining international standards for critical information infrastructures operating in vital sectors, deriving from the law,” he noted.

According to Mantashyan, the decision also sets requirements for cybersecurity service providers.

“Since there are, and can be, providers of services for critical infrastructures, we are also setting requirements for cybersecurity service providers, specifically the standards they must comply with, as well as requirements for auditors in case these systems undergo audits,” he said.

The First Deputy Minister noted that, in the context of the widespread use of digital tools, risks are also increasing, and the government initiative is aimed at raising the overall level of security.

“I will not reveal a secret by saying that digital tools are becoming more widespread in our lives, and they can carry more risks. We believe this is a very necessary action at the moment. It will also bring certain costs for businesses, but we consider it an investment in our overall security,” Mantashyan said.

According to him, discussions on the bill were previously held with the participation of representatives of the private sector and companies from vital sectors.

“This will not come as a surprise, because the law was discussed three times on e-draft [online public debate platform], and at different times it was discussed with the private sector and specifically with companies from vital sectors. We believe that with this we are fixing the minimum standard that everyone must meet,” he said.

Mantashyan also noted that various companies are already using certain solutions and standards, but the lack of a unified approach in the sector can create vulnerabilities.

Published by Armenpress, original at https://armenpress.am/en/article/1250179