The framework was unveiled on Wednesday during an event held at Four Points by Sheraton Kampala was organised by the National Information Technology Authority–Uganda (NITA-U) under the Uganda Digital Acceleration Project–Government Network (UDAP-GovNet).
Speaking at the launch, Lumumba said information security has evolved beyond a technical concern to become a national development priority.
"Information security is no longer just a technical matter for ICT officers. It is now a matter of national security, economic development, public service delivery and public trust," she said.
She noted that as government increasingly delivers services through digital platforms, safeguarding information systems and protecting citizens' data must remain a top national priority.
Lumumba explained that the original National Information Security Framework developed by NITA-U in 2014 under the National Information Security providing government institutions with a common approach to managing information security risks.
She said the updated framework responds to significant technological advancements and the evolving cyber threat landscape over the past decade by providing practical guidance to strengthen cybersecurity governance, conduct security assessments, implement baseline security controls and enhance resilience against emerging threats.
The minister underscored the importance of the framework
“It is intended to protect their operations, safeguard public information and maintain essential services,” she said, urging responsible officers to ensure leadership.
" Accounting Officers, Boards and senior managers must understand that information security risks are institutional risks. A serious cyber incident can disrupt and interrupt service delivery leading to loss of sensitive information, cause financial losses and erode public trust.”
“We must therefore give cyber security the same level of attention that we give to financial management. At the same time, any person who uses a government system has a role to play since cyber security is not only a responsibility of the Ministry of ICT but everyone.”
She urged ministries, departments and agencies to work closely with NITA-U in implementing the framework by conducting regular cybersecurity assessments, addressing identified vulnerabilities and strengthening institutional cybersecurity capabilities.
The minister also urged private sector organisations operating critical infrastructure—including banking, telecommunications, energy, transport and health—to collaborate with government in protecting Uganda's interconnected digital ecosystem.
NITA-U Executive Director Dr. Hatwib Mugasa described the updated framework as a significant milestone in Uganda's cybersecurity journey and a reflection of the country's commitment to keeping pace with an increasingly complex digital environment.
He said NITA-U has continued to coordinate secure digital transformation across government, building on the National Information Security Strategy of 2011 and the original framework introduced in 2014.
"The Updated National Information Security Framework is not just another policy document. It is a practical guide that reflects today's threat landscape, aligns Uganda with current international best practices and provides institutions with the tools they need to assess their cybersecurity maturity and strengthen their resilience," Dr. Mugasa said.
He observed that although government has made considerable progress in raising awareness on information security and establishing national standards, many institutions have yet to fully implement minimum cybersecurity controls.
"Our next task is to move from awareness to measurable implementation. Through the updated framework and its accompanying toolkit, we are committed to helping Ministries, Departments and Agencies strengthen compliance and build genuine resilience against current and emerging cyber threats," he added.
Dr. Mugasa said the framework is anchored on seven guiding principles; leadership accountability, collective responsibility, individual responsibility, risk management, secure information sharing, trusted personnel and organisational resilience.
He reaffirmed NITA-U's commitment to coordinating implementation of the framework, monitoring compliance, providing technical support to MDAs and working with stakeholders to safeguard Uganda's critical information infrastructure.
Strengthening Digital Government
The Updated National Information Security Framework (NISF) 2026 introduces practical cybersecurity assessment tools, strengthens governance requirements and establishes minimum baseline security controls for critical information infrastructure and operational technology.
Government expects its implementation to improve institutional resilience, protect national information assets and enhance public confidence in digital government services.
The launch forms part of Uganda's broader digital transformation agenda, aimed at ensuring the country's digital infrastructure remains secure, reliable and resilient as government services become increasingly technology-driven.