Extraordinary

Federal Republic of Nigeria

Official G a z e t t e
No. 107 Lagos - 25th June , 2024 Vol. 111

Government Notice No. 21

The following is published as supplement to this Gazette :

S. I. No. Short Title Page
20 Designation and Protection of Critical National Information
Infrastructure Order, 2024 B511-529

Printed and Published by The Federal Government Printer, Lagos, Nigeria

FGP 37/62024/600

Annual Subscription from 1st January, 2024 si Local : A100,000.00 Overseas : N131,000.00 [Surface
Mai : N150,000.00 [Second Class Air Mail]. Present issue N3,500 per copy. Subscribers who wish to obtain
Gaz: tte after 1st January should apply to the Federal Government Printer, Lagos for amended Subscriptions.
 B 511

CYBERCRIMES (PROHIBITION, PREVENTION, ETC.)

ACT, 2015
DESIGNATION AND PROTECTION OF CRITICA!, NATIONAL
INFORMATION INFRASTRUCTURE ORDEK, 2024

ARRANGEMENT O
F PARAGRAPHS
Paragraph :
1. Objective
2. Designation of Critical Nanal Information Infrastructure across identified
sector of the Nigerian economy
3. Development of Protection Plan for Critical National Information
Infrastructure
4. Establishment of Trusted Information Sharing Network
5. Implementation of the Critical National Information Infrastucture
Protection Plan and Other measures
6. Audit and Inspection of Critical National Information Infrastucture
7. Offences against Critical National Information Infrastucture
8. Citation
SCHEDULE
 B 513

S. I. No. 21 of 2024
CYBERCRIMES (PROHIBITION, PREVENTION, ETC.)
ACT, 2015
DESIGNATION AND PROTECTION OF CRITICAL NATIONAL
INFORMATION INFRASTRUCTURE ORDER, 2024
[24th Day of June, 2024] Commence-
ment
In exercise of the powers conferred on me by section 3 of the Cybercrimes
(Prohibition, Prevention, Etc.) Act, 2015 (as amended), and all other powers
enabling me in that behalf, I, BoLA AHMED TINUBU, President, Federal Republic
of Nigeria, make the following Order -
Objectives
1.—(1) The objectives of this Order are to —
(a) designate certain Information and Communications Technology
systems (ICT), networks and infrastructure operating ni Nigeria, as Critical
National Information Infrastructure (CNII) ;
(b) develop cohesive measures and strategies for the security and
protection of CNII, and ensure their continued operation ;
(c) adopt proactive and holistic approach ni the identification, security
and protection of CNIl ;
(d) reduce to the barest minimum, incidences capable of damaging,
disrupting, or interfering with the operation, functionality, or integrity of
CNII ; and
(e) ensure the effective functioning of ICT systems, networks, and
infrastructure, which are critical to driving national imperatives, economic
development, national security and defense, public health and safety, and
government operations.
.2 (1) Computer systems, networks, and communication infrastructures oD esignation
f Critical
acquired, installed, deployed, and operated in sectors of the Nigerian economy National
listed ni the Schedule to this Order are hereby designated as CNII. Information
Infrastructure
(2) The sectors of the Nigerian economy referred to ni sub-paragraph across
(1) of this paragraph are — identified
(a) power and energy ; sectors of
the Nigerian
(b) water ; economy
(c) information, communication, science and technology ;
(d) banking, finance and insurance ;
(e) health ;
(f) public administration;
(g) education ;
(h) defense and security ;
B 514
(i) transport;
(i) food and agriculture ;
(k) safety and emergency services ;
(L) industrial and manufacturing; and
(m) mines and steel.
(3) The National Security Adviser (NSA) may, with the approval of the
President, update the list of sectors ni the Schedule ot this Order, taking into
consideration emerging technologies and platforms, ni line with the Cybercrimes
(Prohibition, Prevention, Etc.) Act ("the Act"), and the National Cybersecurity
Policy and Strategy ("the Policy").
(4) Any update made pursuant to sub-paragraph (3) of this paragraph
shall be published ni hte Federal Gazette.
Development 3. The Office of the National Security Adviser (ONSA) shall, ni
of Critical collaboration with relevant CNII stakeholders, develop —
National
Information (a) a comprehensive Critical National Information Infrastructure
Infrastructure
Protection Plan (CNIIPP) ; and
Protection
Plan (b) guidelines, specifying minimum standards, rules, and procedures for
the protection, preservation and general management of designated CNII,
for the approval of the President.
Establishment 4.—(1) The ONSA shall, in collaboration with relevant CNII
o f Trusted stakeholders, establish a Trusted information Sharing Network (TISN), as a
Information multidisciplinary framework, comprising—
Sharing
Network (a) owners and operators of CNII ;
(b) representatives from relevant Ministries, Departments, and Agencies
of government (MDAs) ; and
(c) identified private sector organisations, to —
(i) build and execute awareness campaigns on risks to CNII,
(ii) share information and techniques required to assess and mitigate
risks in a decentralised manner across sectors of the economy, and
(iii) implement capacity building initiatives to strengthen and
mainstream resilience and protection of the infrastructure and networks.
(2) Members and entities within the TISN shall collaborate and share
information on threats and vulnerabilities, and develop strategies and solutions
to mitigate known and evolving risks.
Implementation 5. The ONSA shall ni collaboration with relevant CNII stakeholders,
of the
CNIIPP and
implement the CNIIPP and such other measures, as may be established, to
other prevent unauthorised access, disclosure, theft, vandalism, destruction, and
Measures unlawful interference with the operations of designated CNII in the various
sectors of the Nigerian economy.
 B 515
to ensure Audit and
6. The ONSA shall periodically audit and inspect CNII inspection
compliance with the provisions of the Act, and any guideline or rule made of CNII
pursuant to this Order.
Offences
7. Any person, who — against CNII
(a) withou t authorisation, and for fraudulent purposes, accesses i
n whole
or ni part, or tampers with any CNII ;
(b) intentionally, or for fraudulent purposes, does an act, which, directlf ya
oning o
or indirectly, hinders or interferes with the performance or functi
CNII; or
(c) commits an unlawful act against any CNII,
ribed ni
commits an offence, and is liable to such penalties as may be presc
Part of the Act.
Citation
8. This Order may be cited as the Designation and Protection of Critical
National Information Infrastructure Order, 2024.

DATED this 24th day of June, 2024.

BOLA AHMED TINUBU, GCFR

President, Federal Republic of Nigeria
B 516
SCHEDULE
LIST O
F IDENTIFIED COMPUTER SYSTEMS NETWORKS, ASSETS AND
COMMUNICATONS SYSEMS DESIGNATED AS CRITICAL NATIONAL
INFORMATION INFRASTRUCTURE
[Paragraph 1(1)]

S/N Critical Sector Critical Critical Services (CNI Regulatory

Subsector Agency
(a) (b) (c) (d) (e)

1. Power and (ạ) Transmission and Distribu- (a) Nigerian

Energy tion Information System. Upstream
(b) Energy Management Petroleum
System. Regulation
(c) Vendors Financing System. Commission.
Oil and Gas (d) Pipeline Product Data
(b) Nigerian
Management System. Midstream
(e) Geospatial Management and Downstream
Systems. Petroleum
(f) Oil and Gas Assets Regulatory
Information System.
Authority.
(a) Grid Substation (SCADA
System).
(b) Bulk-load Substation.
(c) Transmission Base Station. Ministry of
Power Generation (d) All Generation, Power
and Distribution Transmission and
Distribution of Critical ICT
Infrastructure.
(e) Computerised Systems and
Networks.
2. Water (a) Spillways/Dam Gate
Control Systems.
(b) Water Treatment Plants.
Dams and Water (c) National Water Resources
Ministry of
Water
Stations Information System. Resources
(d) SCADA and other ICT
related Systems.
3. Information, (a) Telecommunication Towers/ Ministry of
Communications, Communications Sites. Communication
Science and (b) Teleco mmunication Switch and Digital
Companies stations. Economy
Technology
 B 517

S/N Critical Sector Critical Critical Services (CNI) Regulatory

Subsector Agency
(a) (b) (c) (d) (e)
(c) Telecommunication Power
system.
(d) Telecommunication cables.
(e) Data Center Facilities.
(f) Satellite Infrastructure.
(g) Nigeria Internet Landing
Points.
(h) Submarine Cables (including
but not limited to SAT-3
cable, Main One cable, Glo
1 cable, ACE Cable, West
Africa Cable System
(WACS) cable, Equiano
Cable by Google/WOICC).
(i) Base Stations and Base
Station Controllers.
( ) Base Transceiver Stations.
(k) Media Gateways.
(1) Mobile Switching Centres
(m) Network Operating
Centres.
(n) Optic Fibre Networks,
Fiber Optic Cables, Ducts,
Optic Fibre Switching
Centres, Routers, and
other Fiber Equipment.
(o) Transmission Equipment.
(p) Satellites including Ground
Equipment and Shelters.
(q) Transponders.
(r) Point of Presence Sites.
(s) Cubicles for Nodal Points.
(t) Telecommunications Power
Systems.
(a) Internet (a) Africa Coast to Europe
Service Providers System.
(b) Exchange point (b) National Fiber Network
(c) Nigeria (Last Mile Providers).
Internet
(c) Platform, systems and
Registration critical infrastructures.
Association
B 518

S/N Critical Sector Critical Critical Services (CNI) Regulatory

Subsector Agency
(a) (b) (c) (d) (e)
Nigerian SIM Card Registration
Communications Database.
Commission
Galaxy Backbone (a) E-government Platforms.
(b) Galaxy Backbone National
Data Center.
(c) National Shared Services
Centre.
National Identity (a) NIMC Database.
Management (b) NIMC Database Failover/
Commission Back-up.
(NIMC) (c) Other ICT.
Nigerian (a) Nigerian Communication
Communication Satellite (NigCOMSAT)
Satellite and all its communications
(NigCOMSAT™ facilities.
(b) Transponders.
(c) All Satellite Ground
Stations.
Inter-Bank (a) Nigeria Inter-Bank
Payment Systems Settlement System.
(b) Real Time Gross Settlement
System.
(c) National Central Switch.
(d) Nigerian Automated
Clearing System.
Electronic (a) All Electronic Payment
Transaction Gateways. Central Bank o f
(b) Interswitch Digital Payment Nigeria
Solutions of Payment
Service Providers critical to
Government and Public
delivery.
.4 Banking/ (a) Bank Verification Number
Finance& Database.
Insurance Central Bank of (b) Treasury Single Account
Nigeria (CBN) Database.
(c) Security Operations
Centers, Data Centres, and
 B 519

S/N Critical Sector Critical Critical Services (CAM) Regulatory

Subsector Agency
(a) (b) (c) (d) (e)
Disaster Recovery Sites of
Financial Institutions.
(d) SWIFT Database.
Federal Civil (a) Integrated Personnel & Office of
Service Payroll Information Accountant
Management and System(IPPIS). General of the
Payroll System (b) Governmentintegrated Federation
FinancialManagement
InformationSystem
GIFMIS.
Financial Trading (a) Trading Platforms and
Systems for Capital Nigeria Stock
Market Operations. Exchange
(b) Central Security Clearing
System.
(a) Health Insurance
Management System.
(b) Telemedicine Services
National Health Information System.
Insurance Scheme (c) Health Management
Information System.
Hospitals (d) Monitoring & evaluation
Software.
Nigeria Center for (e) Diseases Surveillance
Diseases Control Management System.
(f) Health Facility Register.
(g) Yellow cardRegistration
system. Ministry of
Health
National Agency (a) NAFDAC e-license Health
for Food and System.
Drugs (b) Inspection Classification
Administration Database.
and Control (c) Product Registration &
National Institute Regulation System.
for Medical (d) Registered Products
Research Database.
National Primary
(e) Foreign GMP Inspections
System.
Healthcare
(f) Ports Inspection System.
Development (g) Local GMP Inspection
Agency System.
В 520

S/N Critical Sector Critical Critical Services (CNIl) Regulatory

Subsector Agency
(a) (b) (c) (d) (e)

6. Public Ministry (a) Galaxy Backbone Ministry of

Administration Department and Information Infrastructure. Communications
Agencies (b) e - G o v e r n a n c e s y s t e m .
(c) National Public Key
Infrastructure (NPKI), its
infrastructure and backups.
(d) Al the Sectorial CERTS not
limited to the Defence
CERT at DSA, NITDA-
CERRT.ng, NCC CSIRT,
CBN SOC and all CERTs
from MDA.
(e) All Security Operations
Centres for both Govern-
ment and Private
companies critical service
delivery.
(f) All infrastructures, data
base, monitoring platforms
and backups of the
Sectoral CERTs and SOCs.
Nigeria (a) e-Passport Database.
Immigration (b) NIS Portal &database.
Service (c) Personnel Management
System.
(d) NIS Management System
and database.
(e) Other critical ICT
Database, infrastructure
and s stems.
Federal Inland (a) Cloud Solutions and Secretary to the
Revenue Service Services. Government o f
(b) Content & Portal the Federation
Solutions.
(c) Enterprise Backup and
Recovery Solutions.
(d) E R P & C R M Solutions.
(e) U n i fi e d C o m m u n i c a t i o n s
Solutions.
 B 521

S/N Critical Sector Critical Critical Services (CNID Regulatory

Subsector Agency
(a) (b) C) (d) (e)
Nigerian (a) Inmates Database.
Correctional (b) Other critical ICT
Service Database, infrastructure
and systems.
Independent (a) Voters' Register Database. INEC
National Electoral (b) Card Readers.
Commission
.7 Education Joint Admissions (a) JAMB Portal & Database.
and Matriculation (b) JAMB Payment Systems.
Board (JAMB) (c) JAMB Records Ministry of
Management System. Education
(d) U TME Dat abas es.
(e) Personnel Management
System.
(f) Computer Based Test
Databases
West African (a) WAEC Recruitment/
Examination Examiner Portal &
Council (WAEC) Database.
(b) Employees Management
System.
(c) WAEC Records
Management System.

National (a) NECO Recruitment/

Examination Examiner Portal and
Council (NECO) Database.
(b) NECO Result Management
System.
(c) Personnel Management
System.
Tertiary (a) TetFund Portal and
Education Trust Database.
Fund (TetFund) (b) Employees Management
System.
(c) TetFund Records
Management System.
B 522

S/N Critical Sector Critical Critical Services (CNII) Regulatory

Subsector Agency
(a) (b) (c) (d) (e)

Universal Basic (a) Portal & Database.

Education (b) Employees Management
System.
(c) Records Management
System.
Defence and Nigerian Army (a) Personnel Management Ministry of
Security System. Defence
(b) NA Portal & Database.
(c) Deep Blue Project (Land
Warfare Component).
(d) Nigerian Army Wdie Area
Network.
(e) Computerised Weapons
and Missile systems.
(f) Other Critical ICT
Computerised Munition
Systems.
(g) Cybersecurity Platforms,
Systems and Data Centres.
Nigerian Navy (a) Falcon Eye Project.
(b) NN Portal & Websites.
(c) NN Personnel Management
System.
(d) NN Fleet Management
System.
(e) Deep Blue Systems
(Maritime Component).
(*) Other Critical ICT
Computerised Munition
Systems.
Nigerian Air (a) NAF Stock Management
Force (NAF) System.
(b) NAF Personnel
Management System.
(c) Intelligence Surveillance &
Reconnaissance Sensor
Datalink Downstream.
(d) Geospatial Intelligence and
Data Analysis Network.
(e) NAF Portal &. Websites.
( f ) O t h e r Critical -ICT
Computerised Munition
Systems.
 B 523

S/N Critical Sector Critical Critical Services (CNIL) Regulatory

Subsector Agency

(a) （
6） (c) (d) (e)

Defence Space (a) DSA Portal & Database.

Administration (b) Personnel Management
(DSA) System.
(c) DSA Launch Services and
Space Operations Centre.
(d) Satcom and Navigation
Database.
(e) Cyber Operations
Platforms, systems and Office of the
Database. National Security
(f) DSA Research Database. Adviser
Defence and
Security Office of the (a) National Information
National Security Communications and
Adviser Education Programme
(NICEP) Il Security
Element.
(b) Falcon Eye Project.
(c) Signals Intelligence
Systems.
(d) Other Critical ICT Office of
the Computerised
Munition National
Systems.
(e) Other Critical Intelligence
information sharing and
Communication related
platforms/systems.
(f) Strategic Cybersecurity
Platforms, systems and
Databases.
(g) Strategic National data
Centres.

Defence (a) DIA Portal & website.

Intelligence (b) Personnel Management
Agency (DIA) System.
(c) Intelligence Fusion
Agency Center.
(d) Data Centres and
infrastructures.
B 524

S/N Critical Sector Critical Critical Services (CNIl) Regulatory

Subsector Agency
(a) (b) (c) (d) (e)
Department of (a) DSS Portal & Database.
State Service (b) Personnel Management
(DSS) System.
(c) Strategic ICT platforms
and Systems.
National (a) NIA Portal & Database.
Intelligence (b) Personnel Management
Agency (NIA) System.
(c) Database Management
System for Foreign
Nationals.
(d) Database for Nigerian
Embassy.
National Centre (a) NCCSALW Portal &
for the Control of Database.
Small arms and (b) Personnel Management
Light Weapons System.
(NCCSALW) (c) Database.Management
System for Weapons and
Arms.
(d) Other ICT Platforms,
infrastructures and
Systems.
Nigeria Police (a) NPF Portal & Database.
Force (NPF) (b) Personnel Management
System.
(c) Force Criminal
Investigation and
Intelligence Management
System Database.
(d) NPF Operations Registry.
(e) NPF Police Biometric
Central Motor Registry
(BCMR).
(f) Automatic Fingerprint ID Ministry of
System. Interior
Defence and
(g) Force Communication
Security Infrastructure.
(h) National Public Security
Communications system
(NPSCS).
(i) Interpol Database.
 B 525

S/N Critical Sector Critica l Critical Services (CNIL) Regulatory

Subsector Agency
(a) (b) (d) (e)

Nigeria Security (a) NSCDC Portal & Database.

and Civil Defence (b) Personnel Management
Corps (NSCDC) System.
(c) Disaster and Crisis
Management System.
(d) Intelligence and
Investigation Database.
Nigerian Custom (a) NCS Portal & Database. Nigerian
Service (NCS) (b) Personnel Management Custom
System. Service (NCS)
(c) E-Auction Database
Import and Export
Management System.
National Drug (a) NDLEA & Database. National Drug
Law Enforcement (b) Personnel Management Law
Agency System. Enforcement
(NDLEA) (c) Other Critical ICT Agency
Platforms and (NDLEA)
Infrastructures.
Critical Defence (a) Critical ICT infrastructure
Establishments of Defence Industries
including, Defence
Industries Corporation of
Nigeria, Naval Dockyard
Limited, amongst others.
(b) ICT Infrastructure and
Database containing
research output of
D e f e n c e research
establishment, including
Nigerian Defence
Academy, National
Defense College, Nigerian
Army Resource Centre,
War Colleges of the
various Services, Armed
Forces Command and Staff
College, National Institute
for Security Studies, and
other critical institutions of
similar nature.
В 526
S/N Critical Sector Critical Critical Services (CNII) Regulatory
Subsector Agency
(a) (b) (c) (d) (e)
Economic and (a) EFCC Portal and database. EFCC
Financial Crimes (b) Personnel Management
Commission System.
(EFCC) (c) Other critical ICT
platforms and
infrastructures.
Nigerian (a) NHI-J Portal and NFIU
Financial Database.
Intelligence Unit (b) Crime records information
(NFIU) management system and
database.
(c) Personnel Management
System.
(d) Other critical ICT
platforms and
infrastructures.

Transport Federal Airport (a) FAAN Portal & Database. Ministry of

Authority of (b) Personnel Management Aviation
Nigeria (FAAN) System.
(c) Safety Management
Systems.
(d) FAAN Payment System.
Nigerian Civil (a) NCAA & Database.
Aviation (b) Personnel Management
Authority System.
(NCAA) (c) Air Transport
Management Systems.
(d) Air Traffic Control &
Management Systems.
Nigerian Airspace (a) NAMA & Database.
Management (b) Personnel Management
System (NAMA) System.
(c) E-Payment System.
(d) E-Flight Clearance System.
(e) Aeronautical Information
Service.
Nigerian Civil (a) NCAT Portal & Database.
Aviation (b) Personnel Management
Technology System.
(NCAT)
 B 527

S/N Critical Sector Critical Critical Services (CNII) Regulatory

Subsector Agency
(a) (b) (c) (d) (e)
(c) Tel ec ommunicat ions
Database.
(d) Aviation Management
System.
(e) Aeronautical Telecom
Engineering Management
System.
(f) Safety Reporting System.
Transport Nigerian (a) NIMET Portal & Database. Ministry of
Meteorological (b) Personnel Management Transportation
Agency System.
(NIMET) (c) Weather Forecasting and
Climate Research
Management S stem.
Accident (a) AIB Portal & Database.
Investigation (b) Personnel Management
Bureau (AIB) System.
(c) Accident/Incident
Reporting System.
Nigeria Railway (a) NRC & Database.
Corporation (b) Personnel Management
(NRC) System.
(c) Railway Transport
Management System.
(d) Train Operations and
Signaling System.
(e) Railway Ticketing and
Revenue Management
System.
Nigeria Ports (a) NPA Portal & Database.
Authority (NPA) (b) Personnel Management
System.
(c) NPA Health, Safety and
Security Management
System.
(d) Harbour Services and
Cargo Handling Systems.
(e) NPA Strategic
Communications Systems.
B 528

S/N Critical Sector Critical Critical Services (CNIl) Regulatory

Subsector Agency
(a) (b) (c) (d) (e)
(f) Marine and Operations
Management System.
(g) Other Critical ICT
Platforms and
Infrastructures.
Nigerian Maritime (a). NIMASA Portal &
Administration Database.
and Safety (b) Personnel Management
Agency System.
(NIMASA) (c) Cabotage Services
Management System.
(d) Maritime Safety and
Security Management
System.
(e) Ship Registration Portal.
(f) Seafarer Qualification &
Certification Systems.
(g) Deep Bule Infrastructure
and Systems.
10. Food and Nigeria Incentive (a) Agricultural Management Ministry of
Agriculture Based Risk Information Systems. Agriculture
Sharing System (b) Agricultural Softwares.
for Agricultural (c) ICT Infrastructure with
Lending information and records
of National Grain Reserve
and Silos.
(d) Other Strategic ICT
Platforms and systems.
11. Emergency/ National (a) NEMA Portal and other Ministry of
Services Emergency ICT Platforms. Interior
Management (b) National emergency
Agency (NEMA). database, strategic C
IT
systems and infrastruc-
tures.

Federal Road (a) Drivers' License

Safety Corps Database.
(b) Number Plate Database
registration database
 B 529

S/N Critical Sector Critical Critical Services (CNIl) Regulatory

Subsector Agency
(a) (b) (c) （
4） (e)
12. Industrial and Textiles, (a) Industrial &Manufacturing Ministry of
Manufacturing Automobiles and SCADA Systems. Industry,
other critical (b) Control and Automation Trade and
industrial sectors Cyber-Physical Systems. Investment
Solid Minerals (c) Other critical ICT platforms
and infrastructures.
13. Mines and (a) Ajaokuta Steel Company Ministry of
Steel ICT Infrastructure. Mines and
(b) Automated Control system Steel
and infrastructure. Development
(c) ICT Infrastructure of all
other major mines and steel
companies with critical
impact.
(d) Other critical ICT plat-
forms, infrastructure and
systems.