Report on five government authorities’ compliance with 20 technical minimum information security requirements


Report no. 9/2021

It is Rigsrevisionen’s assessment that the Ministry of Finance, the Ministry of Justice, the Ministry of Health, the Ministry of Climate, Energy and Utilities, and the Ministry of Food, Agriculture and Fisheries have not ensured that the five selected authorities complied with all 20 technical minimum information security requirements, when Rigsrevisionen conducted an audit of the area in 2021. This is considered unsatisfactory by Rigsrevisionen, since most of the requirements should have been implemented by 1 January 2020. The consequence is that the authorities’ IT-systems, mobile phones and tablets have been more vulnerable to cyberattacks and abuse. 

Rigsrevisionen took initiative to the study in June 2021. The study builds on the results of five it audits conducted in the period from March to September 2021.

Read the introduction and conclusion (PDF)