
The National Cyber Security Perimeter (PSNC) 

The National Cyber Security Perimeter, introduced by Decree Law No. 105/2019, protects critical networks and services from cyber threats. It imposes strict security measures for strategic entities and essential infrastructure. This article explores how it works, who is involved and what measures are required.


Table of contents

  • What is the National Cyber Security Perimeter? 
  • How the National Cyber Security Perimeter works 
  • The legislation: Decree Law No. 105 and implementing Decrees
  • Entities included in the National Cyber Security Perimeter 

Cyber security has become a global priority due to the growing threat of cyberattacks. In Italy, the National Cyber Security Perimeter, introduced by Decree Law No. 105 of 2019, represents a strategic response to protect critical networks, systems, and services from potential risks. 

This article explores what the National Cyber Security Perimeter is, how it works, which entities are involved, and what measures must be adopted to ensure the security of essential networks and services.

What is the National Cyber Security Perimeter? 

The National Cyber Security Perimeter is a set of measures and regulations aimed at protecting networks, information systems, and ICT services used in activities crucial to the country’s security.

This legislative framework was introduced by Decree Law No. 105 of 2019, later converted into Law 133/2019, in response to the growing need to safeguard Italy’s critical infrastructure from incidents impacting national cyber security.

The primary goal of the perimeter is to ensure the protection of essential assets, systems, and services, such as those used by public administrations, strategic operators, and private companies involved in providing essential services.

These entities, referred to as “subjects included in the perimeter,” must comply with strict security protocols to mitigate any cyber risks. 

How the National Cyber Security Perimeter works 

The operation of the National Cyber Security Perimeter is based on a structured regulatory framework and specific implementing decrees. The entities within the perimeter must ensure the security of their infrastructures by: 

Identifying entities and critical infrastructures 

Through specific decrees, the Prime Minister’s Office and the Council of Ministers identify which entities must adopt security measures. These entities are selected based on criteria such as the essential function they perform or the provision of an essential service.

Adopting specific security measures 

Identified entities must implement a series of security measures to protect the ICT services used within the perimeter. These measures include: 

  • Protecting infrastructures from unauthorized access;
  • Continuous monitoring systems to detect vulnerabilities and incidents with an impact;
  • Mandatory notification of incidents to the National Computer Security Incident Response Team (CSIRT). 

Technical evaluations and verifications 

The ICT assets, systems, and services used within the perimeter must undergo evaluations by the National Evaluation and Certification Center (CVCN), initially overseen by the Ministry of Economic Development and now under the National Cyber Security Agency (ACN). 


The legislation: Decree Law No. 105 and implementing Decrees

Decree Law No. 105 of 2019 laid the foundation for the National Cyber Security Perimeter, establishing criteria for identifying critical entities and infrastructures. However, subsequent implementing decrees made the perimeter operational: 

  • DPCM of June 15, 2021
    Lists the categories of ICT assets subject to controls. 

These decrees are critical to ensuring national cyber security and creating an ecosystem that is resilient to cyber threats.

Entities included in the National Cyber Security Perimeter 

The entities included in the perimeter are public and private organizations that perform activities deemed essential for the country’s security. These entities are selected based on criteria such as: 

  • Essential function
    Performing activities crucial to the state. 
  • Essential service
    Providing ICT services necessary for maintaining fundamental civil and social activities. 
  • Graduality
    Considering the severity of the impact of a potential incident. 

The infrastructures of these entities are particularly sensitive and must therefore be continuously monitored and protected from any impactful incidents.

Conclusion 

The National Cyber Security Perimeter represents a concrete and necessary response to protect critical infrastructures and essential services.

By adopting specific security measures and implementing a centralized governance system, the perimeter ensures a high level of security for national networks and information systems. 


Questions and answers

  1. What is the National Cyber Security Perimeter?
    It is a set of regulatory and technical measures to protect Italy’s critical infrastructures from cyber risks.
  2. Which entities are included in the perimeter?
    Public and private organizations that perform essential functions or provide essential services.
  3. What is the role of the CSIRT?
    The Computer Security Incident Response Team manages and monitors reports of cyber incidents.
  4. What are the mandatory security measures?
    Protecting ICT assets, continuous monitoring, and mandatory incident reporting.
  5. What is Decree Law No. 105?
    It is the decree that established the National Cyber Security Perimeter.
  6. What is the role of the CVCN?
    The CVCN evaluates and certifies the security of ICT assets, systems, and services used within the perimeter.
  7. Why is the cyber security perimeter important?
    It ensures the protection of critical infrastructures vital to national security.
  8. What are essential services?
    ICT services required for fundamental social, economic, and civil activities.
  9. What happens in the event of an incident?
    Incidents must be promptly reported to the CSIRT according to existing regulations.
  10. What is the role of the Ministry of Economic Development?
    Together with the ACN, it oversees security evaluations of ICT assets within the perimeter.