The newly appointed Minister of ICT and National Guidance, Rt. Hon. Justine Kasule Lumumba, has today officially launched the Updated National Information Security Framework (NISF) 2026, reaffirming the government’s commitment to strengthening cybersecurity and building a secure, resilient, and trusted digital Uganda.
The launch, hosted by NITA-Uganda under the Uganda Digital Acceleration Project – Government Network (UDAP-GovNet) at Four Points by Sheraton Kampala, brought together government representatives from MDAs and cybersecurity stakeholders.
The Updated National Information Security Framework (NISF) 2026 introduces practical cybersecurity assessment tools, strengthens governance requirements, and establishes minimum baseline security controls for critical information infrastructure and operational technology. Its implementation is expected to improve institutional resilience, protect national information assets, and strengthen public confidence in digital government services.
Speaking at the launch, Rt. Hon. Lumumba emphasized that information security has become a national development imperative. “Information security is no longer just a technical matter for ICT officers. It is now a matter of national security, economic development, public service delivery, and public trust,” she said.

Rt. Hon. Lumumba noted that as the government increasingly delivers services through digital platforms, safeguarding information systems and protecting citizens’ data must remain a national priority.
The Minister observed that the original National Information Security Framework, developed by NITA-Uganda in 2014 under the National Information Security Strategy, was endorsed through Presidential Security Directive No. 1 of 2014, providing government institutions with a common approach to managing information security risks.
Recognizing the significant changes in technology and the evolving cyber threat landscape over the past decade, she said the updated Framework equips government institutions with practical guidance to strengthen cybersecurity governance, conduct security assessments, implement baseline security controls, and build resilience against emerging threats.
“Cybersecurity must begin with leadership,” she said. “Accounting Officers, Boards and senior managers must understand that information security risks are institutional risks. A serious cyber incident can disrupt service delivery, lead to financial losses and erode public trust.”
Dr. Hatwib Mugasa, Executive Director of NITA-Uganda, said the updated Framework represents an important milestone in Uganda’s cybersecurity journey and reflects the country’s commitment to keeping pace with an increasingly complex digital environment.

“The updated National Information Security Framework is not just another policy document. It is a practical guide that reflects today’s threat landscape, aligns Uganda with current international best practices, and provides institutions with the tools they need to assess their cybersecurity maturity and strengthen their resilience,” said Dr. Mugasa.
He observed that while the government has made significant progress in raising awareness of information security and establishing national standards, many institutions remain at the awareness stage rather than fully implementing minimum cybersecurity controls.
“Our next task is to move from awareness to measurable implementation,” he said. “Through the updated Framework and its accompanying toolkit, we are committed to helping MDAs strengthen compliance and build genuine resilience against current and emerging cyber threats.”
Dr. Mugasa further highlighted that the Framework is anchored on seven (7) guiding principles: leadership accountability, collective responsibility, individual responsibility, risk management, secure information sharing, trusted personnel, and organisational resilience. These principles, he said, provide the foundation for strengthening cybersecurity governance across government.
He reaffirmed NITA-Uganda’s commitment to coordinating implementation of the Framework, monitoring compliance, providing technical support to MDAs, and working with stakeholders to safeguard Uganda’s critical information infrastructure.

Rt. Hon. Lumumba, while calling upon all MDAs to work closely with NITA-Uganda in implementing the Framework, conducting regular cybersecurity assessments, addressing identified vulnerabilities, and strengthening institutional cybersecurity capabilities, also urged private sector organisations operating critical infrastructure, including those in banking, telecommunications, energy, transport and health, to collaborate with the government in protecting Uganda’s interconnected digital ecosystem.
The launch of the Updated National Information Security Framework (NISF) 2026 forms part of the government’s broader efforts to accelerate digital transformation while ensuring that Uganda’s digital infrastructure remains secure, reliable, and resilient.