The Government has launched the Updated National Information Security Framework (NISF) 2026, reaffirming its commitment to strengthening cybersecurity and building a secure, resilient and trusted digital Uganda.
The framework was launched on Wednesday by the Minister of ICT and National Guidance, Rt. Hon. Justine Kasule Lumumba, during a ceremony held at Four Points by Sheraton Kampala. The event brought together representatives from Ministries, Departments and Agencies (MDAs), development partners and cybersecurity stakeholders. It was organised by the National Information Technology Authority-Uganda (NITA-U) under the Uganda Digital Acceleration Project–Government Network (UDAP-GovNet).
Speaking at the launch, Lumumba said information security is no longer merely an ICT issue but a matter of national security, economic development, public service delivery and public trust.
“Information security is no longer just a technical matter for ICT officers. It is now a matter of national security, economic development, public service delivery and public trust,” she said.
She noted that as government continues to digitise public services, protecting information systems and citizens’ data must remain a national priority.
The Minister explained that the original National Information Security Framework was developed by NITA-U in 2014 under the National Information Security Strategy and endorsed through Presidential Security Directive No. 1 of 2014. It provided government institutions with a common approach to managing information security risks.
According to Lumumba, the updated framework responds to the rapidly evolving cyber threat landscape by providing institutions with practical guidance on strengthening cybersecurity governance, conducting security assessments, implementing baseline security controls and improving resilience against emerging cyber threats.
She stressed that leadership must take greater responsibility in cybersecurity management.
“Cybersecurity must begin with leadership. Accounting Officers, Boards and senior managers must understand that information security risks are institutional risks. A serious cyber incident can disrupt service delivery, lead to financial losses and erode public trust,” she said.
The Minister urged all MDAs to work closely with NITA-U in implementing the framework through regular cybersecurity assessments, addressing vulnerabilities and strengthening institutional cyber capabilities.
She also called on private sector organisations operating critical infrastructure, including those in banking, telecommunications, energy, transport and health, to collaborate with government in protecting Uganda’s interconnected digital ecosystem.
NITA-U Executive Director, Dr. Hatwib Mugasa, described the updated framework as a major milestone in Uganda’s cybersecurity journey and a reflection of the country’s commitment to keeping pace with an increasingly complex digital environment.
He said NITA-U has continued to coordinate secure digital transformation across government since its establishment under the NITA-U Act of 2009, building on the National Information Security Strategy of 2011 and the original framework launched in 2014.
“The updated National Information Security Framework is not just another policy document. It is a practical guide that reflects today’s threat landscape, aligns Uganda with current international best practices, and provides institutions with the tools they need to assess their cybersecurity maturity and strengthen their resilience,” Mugasa said.
He observed that although awareness of information security has grown across government, many institutions are yet to fully implement minimum cybersecurity controls. “Our next task is to move from awareness to measurable implementation. Through the updated framework and its accompanying toolkit, we are committed to helping Ministries, Departments and Agencies strengthen compliance and build genuine resilience against current and emerging cyber threats,” he added.
Mugasa said the framework is built on seven guiding principles: leadership accountability, collective responsibility, individual responsibility, risk management, secure information sharing, trusted personnel and organisational resilience.
He reaffirmed NITA-U’s commitment to coordinating implementation of the framework, monitoring compliance, providing technical support to government institutions and working with stakeholders to safeguard Uganda’s critical information infrastructure.
The Updated National Information Security Framework 2026 introduces practical cybersecurity assessment tools, strengthens governance requirements and establishes minimum baseline security controls for critical information infrastructure and operational technology.






























