Page:Cybersecurity Act 2018.pdf/68

Rh Amendment of Schedules

47.—(1) The Minister may at any time, by order in the Gazette, amend the First or Second Schedule.

(2) The Minister may, in any order made under subsection (1), make such transitional, incidental, consequential or supplementary provision as may be necessary or expedient.

(3) Any order made under subsection (1) must be presented to Parliament as soon as possible after publication in the Gazette.

Regulations

48.—(1) The Minister may make regulations for carrying out the purposes and provisions of this Act.

(2) Without limiting subsection (1), the Minister may make regulations for or with respect to all or any of the following matters:
 * (a) the procedure for the designation of a critical information infrastructure;
 * (b) the technical or other standards relating to cybersecurity to be maintained in respect of a critical information infrastructure;
 * (c) the responsibilities and duties of the owner of a critical information infrastructure;
 * (d) the type of changes that are considered material changes to the design, configuration, security or operations of a critical information infrastructure to be reported by the owner of the critical information infrastructure;
 * (e) the type of cybersecurity incidents in respect of a critical information infrastructure that are required to be reported by the owner of the critical information infrastructure;
 * (f) the requirements for, and the manner for the carrying out of, cybersecurity audits and cybersecurity risk assessments required to be conducted by the owner of a critical information infrastructure;