Chwilio Deddfwriaeth

Chwiliad Uwch

Commission Decision (EU, Euratom) 2015/444Dangos y teitl llawn

Commission Decision (EU, Euratom) 2015/444 of 13 March 2015 on the security rules for protecting EU classified information

Help about what version

Pa Fersiwn

Help about advanced features

Nodweddion Uwch

Help about UK-EU Regulation

Deddfwriaeth yn deillio o’r UE

Pan adawodd y DU yr UE, cyhoeddodd legislation.gov.uk ddeddfwriaeth yr UE a gyhoeddwyd gan yr UE hyd at ddiwrnod cwblhau’r cyfnod gweithredu (31 Rhagfyr 2020 11.00 p.m.). Ar legislation.gov.uk, mae'r eitemau hyn o ddeddfwriaeth yn cael eu diweddaru'n gyson ag unrhyw ddiwygiadau a wnaed gan y DU ers hynny.

Close

Mae'r eitem hon o ddeddfwriaeth yn tarddu o'r UE

Mae legislation.gov.uk yn cyhoeddi fersiwn y DU. Mae EUR-Lex yn cyhoeddi fersiwn yr UE. Mae Archif Gwe Ymadael â’r UE yn rhoi cipolwg ar fersiwn EUR-Lex o ddiwrnod cwblhau’r cyfnod gweithredu (31 Rhagfyr 2020 11.00 p.m.).

Changes to legislation:

Roedd y fersiwn hon o'r Penderfyniad hwn yn deillio o EUR-Lex ar ddiwrnod cwblhau’r cyfnod gweithredu (31 Rhagfyr 2020 11: 00 p.m.). Nid yw wedi cael ei diwygio gan y DU ers hynny. Darganfyddwch fwy am ddeddfwriaeth sy'n deillio o'r UE fel y'i cyhoeddwyd ar legislation.gov.uk. Help about Changes to Legislation

Close

Changes to Legislation

Revised legislation carried on this site may not be fully up to date. At the current time any known changes or effects made by subsequent legislation have been applied to the text of the legislation you are viewing by the editorial team. Please see ‘Frequently Asked Questions’ for details regarding the timescales for which new effects are identified and recorded on this site.

Article 36U.K.CIS handling EUCI

1.CIS shall handle EUCI in accordance with the concept of IA.

2.For CIS handling EUCI, compliance with the Commission's information systems security policy, as referred to in Commission Decision C(2006)3602(1), implies that:

(a)the Plan-Do-Check-Act approach shall be applied for the implementation of the information systems security policy during the full life-cycle of the information system;

(b)the security needs must be identified through a business impact assessment;

(c)the information system and the data therein must undergo a formal asset classification;

(d)all mandatory security measures as determined by the policy on security of information systems must be implemented;

(e)a risk management process must be applied, consisting of the following steps: threat and vulnerability identification, risk assessment, risk treatment, risk acceptance and risk communication;

(f)a security plan, including the Security Policy and the Security Operating Procedures, is defined, implemented, checked and reviewed.

3.All staff involved in the design, development, testing, operation, management or usage of CIS handling EUCI shall notify to the SAA all potential security weaknesses, incidents, breaches of security or compromise which may have an impact on the protection of the CIS and/or the EUCI therein.

4.Where the protection of EUCI is provided by cryptographic products, such products shall be approved as follows:

(a)preference shall be given to products which have been approved by the Council or by the Secretary-General of the Council in its function as crypto approval authority of the Council, upon recommendation of the Commission Security Expert Group;

(b)where warranted on specific operational grounds, the Commission Crypto Approval Authority (CAA) may, upon recommendation of the Commission Security Expert Group, waive the requirements referred to under a) and grant an interim approval for a specific period.

5.During transmission, processing and storage of EUCI by electronic means, approved cryptographic products shall be used. Notwithstanding this requirement, specific procedures may be applied under emergency circumstances or in specific technical configurations after approval by the CAA.

6.Security measures shall be implemented to protect CIS handling information classified CONFIDENTIEL UE/EU CONFIDENTIAL or above against compromise of such information through unintentional electromagnetic emanations (‘TEMPEST security measures’). Such security measures shall be commensurate with the risk of exploitation and the level of classification of the information.

7.The Commission Security Authority shall assume the following functions:

  • IA Authority (IAA),

  • Security Accreditation Authority (SAA),

  • TEMPEST Authority (TA),

  • Crypto Approval Authority (CAA),

  • Crypto Distribution Authority (CDA).

8.The Commission Security Authority shall appoint for each system the IA Operational Authority.

9.The responsibilities of the functions described in paragraphs 7 and 8 will be defined in the implementing rules.

(1)

C(2006) 3602 of 16 August 2006 concerning the security of information systems used by the European Commission.

Yn ôl i’r brig

Options/Cymorth

Print Options

Close

Mae deddfwriaeth ar gael mewn fersiynau gwahanol:

Y Diweddaraf sydd Ar Gael (diwygiedig):Y fersiwn ddiweddaraf sydd ar gael o’r ddeddfwriaeth yn cynnwys newidiadau a wnaed gan ddeddfwriaeth ddilynol ac wedi eu gweithredu gan ein tîm golygyddol. Gellir gweld y newidiadau nad ydym wedi eu gweithredu i’r testun eto yn yr ardal ‘Newidiadau i Ddeddfwriaeth’.

Gwreiddiol (Fel y’i mabwysiadwyd gan yr UE): Mae'r wreiddiol version of the legislation as it stood when it was first adopted in the EU. No changes have been applied to the text.

Close

Gweler y wybodaeth ychwanegol ochr yn ochr â’r cynnwys

Rhychwant ddaearyddol: Indicates the geographical area that this provision applies to. For further information see ‘Frequently Asked Questions’.

Dangos Llinell Amser Newidiadau: See how this legislation has or could change over time. Turning this feature on will show extra navigation options to go to these specific points in time. Return to the latest available version by using the controls above in the What Version box.

Close

Dewisiadau Agor

Dewisiadau gwahanol i agor deddfwriaeth er mwyn gweld rhagor o gynnwys ar y sgrin ar yr un pryd

Close

Rhagor o Adnoddau

Gallwch wneud defnydd o ddogfennau atodol hanfodol a gwybodaeth ar gyfer yr eitem ddeddfwriaeth o’r tab hwn. Yn ddibynnol ar yr eitem ddeddfwriaeth sydd i’w gweld, gallai hyn gynnwys:

  • y PDF print gwreiddiol y fel adopted version that was used for the EU Official Journal
  • rhestr o newidiadau a wnaed gan a/neu yn effeithio ar yr eitem hon o ddeddfwriaeth
  • pob fformat o’r holl ddogfennau cysylltiedig
  • slipiau cywiro
  • dolenni i ddeddfwriaeth gysylltiedig ac adnoddau gwybodaeth eraill
Close

Llinell Amser Newidiadau

Mae’r llinell amser yma yn dangos y fersiynau gwahanol a gymerwyd o EUR-Lex yn ogystal ag unrhyw fersiynau dilynol a grëwyd ar ôl y diwrnod ymadael o ganlyniad i newidiadau a wnaed gan ddeddfwriaeth y Deyrnas Unedig.

Cymerir dyddiadau fersiynau’r UE o ddyddiadau’r dogfennau ar EUR-Lex ac efallai na fyddant yn cyfateb â’r adeg pan ddaeth y newidiadau i rym ar gyfer y ddogfen.

Ar gyfer unrhyw fersiynau a grëwyd ar ôl y diwrnod ymadael o ganlyniad i newidiadau a wnaed gan ddeddfwriaeth y Deyrnas Unedig, bydd y dyddiad yn cyd-fynd â’r dyddiad cynharaf y daeth y newid (e.e. ychwanegiad, diddymiad neu gyfnewidiad) a weithredwyd i rym. Am ragor o wybodaeth gweler ein canllaw i ddeddfwriaeth ddiwygiedig ar Ddeall Deddfwriaeth.

Close

Rhagor o Adnoddau

Defnyddiwch y ddewislen hon i agor dogfennau hanfodol sy’n cyd-fynd â’r ddeddfwriaeth a gwybodaeth am yr eitem hon o ddeddfwriaeth. Gan ddibynnu ar yr eitem o ddeddfwriaeth sy’n cael ei gweld gall hyn gynnwys:

  • y PDF print gwreiddiol y fel adopted fersiwn a ddefnyddiwyd am y copi print
  • slipiau cywiro

liciwch ‘Gweld Mwy’ neu ddewis ‘Rhagor o Adnoddau’ am wybodaeth ychwanegol gan gynnwys

  • rhestr o newidiadau a wnaed gan a/neu yn effeithio ar yr eitem hon o ddeddfwriaeth
  • manylion rhoi grym a newid cyffredinol
  • pob fformat o’r holl ddogfennau cysylltiedig
  • dolenni i ddeddfwriaeth gysylltiedig ac adnoddau gwybodaeth eraill

Mae'r data ar y dudalen hon ar gael yn y fformatau data amgen a restrir: