ORDER OF ADMINISTRATION OF PUBLIC SERVICE OF SPECIAL COMMUNICATION AND INFORMATION SECURITY OF UKRAINE

of February 3, 2026 No. 87

About approval of Requirements to organizational and technical capability of national team of response to cyberincidents, cyber attacks, cyberthreats (CERT-UA), industry and regional teams of response to cyberincidents, cyber attacks, cyberthreats (CSIRT)

According to the paragraph third Item 112 parts one of article 14 of the Law of Ukraine "About public service of special communication and information security of Ukraine", Item of 1 part two of Article 8, Item 2 parts three of article 9 of the Law of Ukraine "About the basic principles of ensuring cyber security of Ukraine", subitem 95-41 of Item 4, Item 10 of the Regulations on Administration of Public service of special communication and information security of Ukraine approved by the resolution of the Cabinet of Ministers of Ukraine of September 03, 2014 No. 411, of Item 7 of the National plan of the response to cyberincidents, cyber attacks and cyberthreats approved by the resolution of the Cabinet of Ministers of Ukraine of November 26, 2025 No. 1533,

I ORDER:

1. Approve Requirements to organizational and technical capability of national team of response to cyberincidents, cyber attacks, cyberthreats (CERT-UA), industry and regional teams of response to cyberincidents, cyber attacks, cyberthreats (CSIRT) which are attached.

2. To provide to department of cyberprotection of Administration of Public service of special communication and information security of Ukraine in accordance with the established procedure submission of this order on state registration in the Ministry of Justice of Ukraine.

3. This order becomes effective from the date of its official publication.

Approved by the Order of Administration of Public service of special communication of information security of Ukraine of February 3, 2026, No. 87

Requirements to organizational and technical capability of national team of response to cyberincidents, cyber attacks, cyberthreats (CERT-UA), industry and regional teams of response to cyberincidents, cyber attacks, cyberthreats (CSIRT)

I. General provisions

1. These Requirements determine levels of maturity of organizational and technical capability of national team of response to cyberincidents, cyber attacks, cyberthreats (CERT-UA) (further - national team of reaction), industry and regional teams of response to cyberincidents, cyber attacks, cyberthreats (CSIRT) (further - team of reaction).

2. In these Requirements terms are used in the following value:

users are subjects of ensuring cyber security to whom provide services in connection with reaction and recommendations about response to cyberincidents, cyber attacks, cyberthreats;

parameters - the characteristics concerning the organization and functioning of teams of reaction;

levels of maturity of organizational and technical capability of team of reaction (maturity levels) - the standardized assessment of organizational technical aptitudes of team of reaction.

3. Other terms are used in the value given in the Laws of Ukraine "About information security in information and communication systems", "About electronic communications", "About the basic principles of ensuring cyber security of Ukraine", the National plan of response to cyberincidents, cyber attacks and cyberthreats approved by the resolution of the Cabinet of Ministers of Ukraine of November 26, 2025 No. 1533.

4. Level of maturity of organizational and technical capability of team of reaction is determined by forty five parameters specified in the Section II of these Requirements.

5. Parameters are divided into the following four categories:

Organizational (O) parameters;

Parameters of personnel (H);

Parameters of tools (T);

Parameters of processes (P).

6. Each parameter is measured on scale from "0" to "4" in full or partially:

1) value "0" (it is unavailable / vaguely / it is unknown): the personnel do not observe the requirement or fulfill part of requirements; there are no documents determining processes, procedures, requirements to accomplishment of task; in some cases the team of reaction is guided by the approved regulatory legal acts;

2) value "1" (implicitly): the personnel partially know and understand requirements to accomplishment of tasks and carry out them; there are no documents determining processes, procedures, requirements to accomplishment of tasks; in some cases the team of reaction is guided by the approved regulatory legal acts;

3) value "2" (obviously, internally): the personnel know and understand requirements to accomplishment of tasks and carry out them; the team of reaction follows the commonly accepted rules created in team of reaction during its functioning; in some cases the team of reaction is guided by the approved regulatory legal acts;

4) value "3" (it is explicit, determined by public authority or local government body which formed team of reaction (further - body)): the personnel know and understand requirements to accomplishment of tasks and carry out them; documents which determine processes, procedures, requirements to accomplishment of tasks determined by body;

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info