News Item

Updated Good Practice Guide on National Cyber Security Strategies by ENISA

Published on November 14, 2016

ENISA publishes its second National Cyber Security Strategy Good Practice Guide, providing an update to the 2012 ENISA guidebook on the design and implementation of a National Cyber Security Strategy (NCSS).

This guide includes an update on the different steps, objectives and good practices of the first edition, and analyses the status of National Cyber Security Strategies in the European Union and EFTA countries. The key aim is to support EU Member States in their efforts to develop and update their NCSS.

Furthermore, the guide proposes a NCCS lifecycle, with a special emphasis on the ‘evaluation and maintaining’ phase. It presents six steps for the design and development of a NCSS and sixteen objectives for the implementation of the NCSS.

The guide can be used as a tool by governmental bodies that are responsible for cyber security strategies. It highlights good practices, identifies gaps and challenges, and suggests key performance indicators (KPIs) for the evaluation phase. It concludes with a set of recommendations on how to proceed with the development and maintenance of a NCSS.

The guide is targeted at public officials, policy makers and entities involved in the lifecycle of the strategy such as private, civil and industry stakeholders.

The recently adopted NIS Directive requires all EU Member States to develop and adopt a NCSS. For this reason, the guide will particularly assist countries that don't have a strategy already in place, through the design and implementation phase, while assist countries which have a strategy, to update and strengthen their NCSS.

The National Cyber Security Strategy Good Practice Guide  is available online.

For press and media enquiries please contact


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information