Government has launched the Updated National Information Security Framework (NISF) 2026, a move aimed at strengthening cybersecurity, protecting critical information infrastructure and building a secure, resilient and trusted digital Uganda.
The framework was officially launched by the Minister of ICT and National Guidance, Rt. Hon. Justine Kasule Lumumba, during an event held at Four Points by Sheraton Kampala.
The launch was hosted by the National Information Technology Authority–Uganda (NITA-U) under the Uganda Digital Acceleration Project–Government Network (UDAP-GovNet).
Speaking at the event, Lumumba said information security has moved beyond being a technical issue to become a key pillar of national development.
“Information security is no longer just a technical matter for ICT officers. It is now a matter of national security, economic development, public service delivery and public trust,” Lumumba said.
She noted that as government continues to expand digital service delivery, protecting information systems and citizens’ data must remain a national priority.
Lumumba explained that the original National Information Security Framework was developed by NITA-U in 2014 under the National Information Security Strategy and endorsed through Presidential Security Directive No. 1 of 2014 to provide government institutions with a common approach to managing information security risks.
She said the updated framework responds to changes in technology and the evolving cyber threat environment by providing institutions with practical guidance on cybersecurity governance, security assessments, baseline controls and resilience against emerging threats.
“Cybersecurity must begin with leadership. Accounting Officers, Boards and senior managers must understand that information security risks are institutional risks. A serious cyber incident can disrupt service delivery, lead to financial losses and erode public trust,” she said.
The minister urged all MDAs to work closely with NITA-U to implement the framework, conduct regular cybersecurity assessments, address vulnerabilities and strengthen institutional cybersecurity capacity.
She also called on private sector organisations operating critical infrastructure—including those in banking, telecommunications, energy, transport and health—to collaborate with government in protecting Uganda’s interconnected digital ecosystem.
Speaking at the launch, NITA-U Executive Director Dr. Hatwib Mugasa described the updated framework as a significant milestone in Uganda’s cybersecurity journey.
He said the framework reflects Uganda’s commitment to keeping pace with the increasingly complex digital environment while strengthening the country’s ability to respond to cyber threats.
Dr. Mugasa noted that NITA-U, established under the NITA-U Act of 2009, has continued to coordinate secure digital transformation across government, building on the National Information Security Strategy of 2011 and the original framework launched in 2014.
“The updated National Information Security Framework is not just another policy document. It is a practical guide that reflects today’s threat landscape, aligns Uganda with current international best practices and provides institutions with the tools they need to assess their cybersecurity maturity and strengthen their resilience,” Dr. Mugasa said.
He observed that although government has made progress in raising awareness about information security and establishing national standards, many institutions still need to move beyond awareness into full implementation of cybersecurity controls.
“Our next task is to move from awareness to measurable implementation. Through the updated framework and its accompanying toolkit, we are committed to helping Ministries, Departments and Agencies strengthen compliance and build genuine resilience against current and emerging cyber threats,” he added.
Dr. Mugasa said the framework is built around seven guiding principles: leadership accountability, collective responsibility, individual responsibility, risk management, secure information sharing, trusted personnel and organisational resilience.
He explained that these principles provide a foundation for improving cybersecurity governance across government institutions.
NITA-U reaffirmed its commitment to coordinating implementation of the framework, monitoring compliance, offering technical support to MDAs and working with stakeholders to safeguard Uganda’s critical information infrastructure.
The Updated National Information Security Framework (NISF) 2026 introduces cybersecurity assessment tools, strengthens governance requirements and establishes minimum security controls for critical information infrastructure and operational technology.
Government expects the implementation of the framework to improve institutional resilience, protect national information assets and enhance public confidence in digital government services.
The initiative forms part of Uganda’s broader digital transformation agenda aimed at ensuring that the country’s digital infrastructure remains secure, reliable and resilient amid growing cyber threats.




















