{"id":34968,"date":"2024-12-26T00:00:40","date_gmt":"2024-12-26T06:00:40","guid":{"rendered":"https:\/\/garciabodan.com\/?p=34968"},"modified":"2025-09-05T11:45:27","modified_gmt":"2025-09-05T17:45:27","slug":"el-salvadors-legislative-assembly-approves-cybersecurity-law","status":"publish","type":"post","link":"https:\/\/garciabodan.com\/en\/el-salvadors-legislative-assembly-approves-cybersecurity-law\/","title":{"rendered":"El Salvador&#8217;s Legislative Assembly Approves Cybersecurity Law"},"content":{"rendered":"<p>On November 23, 2024, the new Cybersecurity and Information Security Law came into effect, aiming to ensure the protection of data and computer systems managed by state entities, as well as the country&#8217;s critical infrastructures.<\/p>\r\n<p><span data-contrast=\"auto\">The law applies to all government bodies, including its dependencies, autonomous institutions, municipal authorities, and any entity managing public resources, state assets, or impacting critical infrastructures. Additionally, it may extend to certain private sector entities, such as those managing public information or interacting with the country\u2019s critical systems.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\r\n<p><span data-contrast=\"auto\">The law also imposes various responsibilities on the obligated parties, particularly regarding the implementation of cybersecurity systems and strategies.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\r\n<p>Key obligations include:<\/p>\r\n<ul>\r\n\t<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"3\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Ongoing Cybersecurity Management:<\/span><\/b><span data-contrast=\"auto\"> Entities must implement a management system that allows them to identify and mitigate risks that could affect the security of their computer systems, networks, and equipment.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\r\n<\/ul>\r\n<ul>\r\n\t<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"3\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"2\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Development of Security Strategies:<\/span><\/b><span data-contrast=\"auto\"> They must create information security strategies aligned with national and international frameworks.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\r\n<\/ul>\r\n<ul>\r\n\t<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"3\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"3\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Continuity and Review Plans:<\/span><\/b><span data-contrast=\"auto\"> Entities are required to develop operational continuity and cybersecurity plans, which must be approved by the competent authority and reviewed periodically.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\r\n<\/ul>\r\n<ul>\r\n\t<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"3\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"4\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Simulations and Ongoing Analyses:<\/span><\/b><span data-contrast=\"auto\"> Simulations and continuous reviews must be conducted to detect vulnerabilities in systems and processes that could compromise information security.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\r\n<\/ul>\r\n<ul>\r\n\t<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"3\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"5\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Cybersecurity Incident Responses:<\/span><\/b><span data-contrast=\"auto\"> Entities must take immediate measures to prevent, report, and mitigate cybersecurity and information security incidents.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\r\n<\/ul>\r\n<ul>\r\n\t<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"3\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"6\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Designation of Responsible Parties:<\/span><\/b><span data-contrast=\"auto\"> The law mandates the creation of a dedicated area or the designation of responsible individuals for implementing and monitoring cybersecurity measures, ensuring they have the independence and authority to perform their duties.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\r\n<\/ul>\r\n<p><b><span data-contrast=\"auto\">State Cybersecurity Agency<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\r\n<p><span data-contrast=\"auto\">With the approval of this law, the State Cybersecurity Agency is established, an entity responsible for overseeing and enforcing the provisions of the law. This agency will be responsible for coordinating with institutions and ensuring compliance with established security standards. Among its key responsibilities are:<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\r\n<ul>\r\n\t<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"4\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Developing the National Cybersecurity and Information Security Policy, which will include necessary guidelines, plans, and action programs. This policy must be approved by the president of the Republic.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\r\n<\/ul>\r\n<ul>\r\n\t<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"4\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Issuing regulations, protocols, and technical standards based on international best practices in cybersecurity, aligned with national policy.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\r\n<\/ul>\r\n<ul>\r\n\t<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"4\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">Creating and implementing action programs to address cybersecurity threats or incidents affecting the obligated entities.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\r\n<\/ul>\r\n<ul>\r\n\t<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"4\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"4\" data-aria-level=\"1\"><span data-contrast=\"auto\">Requiring affected entities to take necessary actions to mitigate the effects of incidents and ensure the recovery of systems and protection of information.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\r\n<\/ul>","protected":false},"excerpt":{"rendered":"<p>On November 23, 2024, the new Cybersecurity and Information Security&#8230;<\/p>\n","protected":false},"author":10,"featured_media":42767,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[226,229],"tags":[],"class_list":["post-34968","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-alert","category-news"],"acf":[],"_links":{"self":[{"href":"https:\/\/garciabodan.com\/en\/wp-json\/wp\/v2\/posts\/34968","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/garciabodan.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/garciabodan.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/garciabodan.com\/en\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/garciabodan.com\/en\/wp-json\/wp\/v2\/comments?post=34968"}],"version-history":[{"count":2,"href":"https:\/\/garciabodan.com\/en\/wp-json\/wp\/v2\/posts\/34968\/revisions"}],"predecessor-version":[{"id":42766,"href":"https:\/\/garciabodan.com\/en\/wp-json\/wp\/v2\/posts\/34968\/revisions\/42766"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/garciabodan.com\/en\/wp-json\/wp\/v2\/media\/42767"}],"wp:attachment":[{"href":"https:\/\/garciabodan.com\/en\/wp-json\/wp\/v2\/media?parent=34968"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/garciabodan.com\/en\/wp-json\/wp\/v2\/categories?post=34968"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/garciabodan.com\/en\/wp-json\/wp\/v2\/tags?post=34968"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}