CBJ Compliance

To safeguard payment account data, the PCI Security Standards mandate the implementation of robust security controls, cultivation of security awareness, and performance of continuous testing.

What is the FinCERT?

In 2019, the Central Bank of Jordan (CBJ), in coordination with operating banks, established a dedicated cybersecurity incident response hierarchy. This hierarchy comprises the Cybersecurity Committee for the Financial and Banking Sector, an oversight Executive Committee, and a specialized Cyber Incident Response Unit, the Financial Computer Emergency Response Team (FinCERT). The FinCERT is specifically tasked with managing cybersecurity operations and coordinating incident response activities across the financial sector in accordance with relevant laws, regulations, and best practices.

What is the CBJ Cybersecurity Framework?

The Central Bank of Jordan Cybersecurity Framework (CBJ CSF) is a set of mandatory requirements and guidelines designed to enhance the cybersecurity posture of the Jordanian financial sector.

Need more details? Review the Framework:


If you cannot find what you want, please visit the FinCERT website.

The framework aims to ensure the confidentiality, integrity, and availability of information and information systems against the backdrop of increasing digitalization and evolving cyber risks.

 

It provides a structured approach to cybersecurity risk management, helping institutions to identify, assess, and mitigate threats effectively.

 

While tailored to the specific context of the Jordanian financial landscape, the framework draws upon international cybersecurity standards and best practices to promote a high level of security resilience.

 

The framework covers key domains essential for a comprehensive cybersecurity program, likely including areas such as Cyber Governance, Risk Management, Cyber Defense, Incident Management, and Third-Party Security, among others.

Who Should Comply with CBJ's Framework?

Compliance with the CBJ Cybersecurity Framework is mandatory for all institutions regulated and supervised by the CBJ. This primarily includes:

 

  • All licensed banks operating within the Kingdom.

  • Other financial institutions that fall under the direct supervision and regulatory authority of the Central Bank of Jordan.

 

These entities are required to implement the controls and requirements outlined in the framework to ensure a consistent and elevated level of cybersecurity across the sector.

Why is Compliance with the CBJ Cybersecurity Framework Important?

 

Compliance with the CBJ Cybersecurity Framework is a fundamental necessity for financial institutions in Jordan for several crucial reasons:

 
  • Regulatory Mandate and Avoidance of Penalties

  • Protecting National Financial Stability

  • Safeguarding Sensitive Customer Data

  • Effective Risk Management

  • Building and Maintaining Trust

Non-Banking Financial Institutes

 

 

CBJ is the regulator for a number of non-banking financial institutions, including Financing, Insurance, Currency Exchange, and Electronic Payment Service Providers and companies.

For non-banking entities, CBJ has issued a separate Cybersecurity Guidance encompassing a number of controls on Governance, Technical & Operations, Incident Management, and Information Sharing.

Contact us for more information on how to comply with CBJ's Guidance on Cybersecurity Controls for Non-Banking Financial Institutes.

How Can We Help You?

Our services for CBJ CSF compliance include:

 

  • Framework Interpretation and Gap Analysis

  • Controls Implementation Assistance

  • Policy and Procedure Alignment

  • Framework Readiness Assessments

  • Ongoing Compliance Support

  • Security Testing Services