By making the Baseline Information Security Government (BIO) mandatory, State Secretary van Huffelen wants to give government information security a legal basis. She writes this in a letter to the House of Representatives.
The BIO (1) describes security goals for which appropriate measures must be chosen, along with a mandatory set of basic measures. The commitment to this legal basis was expressed in 2021 by predecessor Raymond Knops in the Kamerbrief Voortgang informatieveiligheid bij de overheid (2).
By regulating a general duty of care for information security in government in one place (namely with the BIO), there will also be a simplification of rules within government. This shifts the focus from administrative security to actual security. Now there are information security requirements from the Rijksoverheid from different sources for co-governments.
Van Huffelen not only wants to start enforcing general rules, such as the BIO. Also on specific rules from professional departments supplementary to this.
Line ministries, municipalities, provinces and water boards are and remain responsible for their own information security. In setting up a government-wide system of standard-setting and supervision, van Huffelen wants to include the accountability that organizations provide to their own controlling body.
digitaloverheid.nl/overview-of-all-topics/information-safety/frameworks-for-information-safety/baseline-information-security-government/
https://www.rijksoverheid.nl/documenten/kamerstukken/2021/03/18/kamerbrief-voortgang-informatieveiligheid-overheid
