As per Gazette Notice Number 44 dated 9th February 2024, the Computer Misuse and Cybercrimes (Critical Information Infrastructure and Cybercrime Management) Regulations have come into effect.
These regulations enhance the capacity of both public and private sector institutions, such as the telecommunications, banking, transport, and energy sectors, to safeguard critical digital information from cyberattacks and improve cybersecurity readiness.
The owner of a critical information infrastructure may implement cybersecurity requirements relating to projects, software and their application on a critical information infrastructure, which may include using secure coding standards, using trusted and licensed sources for software development tools and libraries, conducting compliance tests for software against the defined organizational cybersecurity requirements, securing integration between software components or conducting a configurations review, securing configuration and hardening and patching before deployment of software products.
Auditors shall also have all powers necessary for the effective discharge of their mandate, including powers to enter premises to monitor and evaluate the compliance
with the directives issued under these Regulations, upon giving a thirty-day notice to the owner of a critical
information infrastructure.
Auditors can also require the production of any documents, additional information or any other matter from the owner.
These are just a few regulations from the gazette that were drafted in November 2023. It was then that the task force was mandated to draft the Computer Misuse and Cybercrimes Regulations during a meeting held at Harambee House.