Every Italian Pubblica Amministrazione (ministeri, enti locali, regioni, ASL, universita) plus any private supplier processing PA data on their behalf.

Home › Compliance › AgID

AgID Misure Minime compliance software for the Italian PA.

Q: What are the AgID Misure Minime?

Mandatory minimum ICT security measures for the Italian public administration, published in Circolare AgID 18/2017. ABSC controls grouped into 13 areas (inventory, configurations, vulnerabilities, privileged access, etc.) at three implementation levels - Minimo, Standard, Alto.

Q: How does this relate to NIS2?

ACN (the successor to AgID's cyber role) supervises NIS2 in Italy. The AgID Misure Minime remain the operational baseline; NIS2 adds governance and reporting overlays. Run both in one workspace.

ABSC controls from Circolare AgID 18/2017 pre-loaded across the three livelli - Minimo, Standard, Alto. Inventory of devices and software, hardening baselines, vulnerability scanning, privileged-access control, backup with restore tests, system-admin logging per Provvedimento Garante. Built for ministeri, regioni, comuni, ASL, universita and the suppliers serving them.

Open the portal See pricing

What are the AgID Misure Minime?

The Misure Minime di Sicurezza ICT per la Pubblica Amministrazione, published by AgID as Circolare 18/2017, are the mandatory minimum security measures every Italian PA must apply. The ABSC (AgID Basic Security Controls) are grouped into 13 areas covering inventory, configurations, vulnerability management, privileged access, malware defences, backups and logging - at three implementation levels Minimo, Standard and Alto.

Who needs to comply

Italian ministeri, regioni, province and comuni
Aziende sanitarie locali, ospedali pubblici, universita statali
Enti pubblici economici and societa partecipate in scope of CAD
Private suppliers (SaaS, hosting, BPO, consulenza) contracting with any of the above

Key AgID capabilities in Dazr

ABSC 1-2 InventarioDevices and software inventoried with DHCP and rogue-device detection at Alto.

ABSC 3 ConfigurazioniHardening baselines as code, drift remediated within 14 days.

ABSC 4 VulnerabilitaContinuous scanning + 7/14/30-day SLAs by severity.

ABSC 5 PrivilegiSeparate admin accounts + MFA on every privileged login.

ABSC 10 RipristinoAutomated backups + annual restore test scheduled and logged.

Garante Amm.ri di SistemaSysadmin log retention >= 6 mesi and monthly review.

What auditors look for

The Internal Audit team or the RTD (Responsabile Transizione Digitale) walks the ABSC controls at the dichiarato livello. The Garante per la Protezione dei Dati Personali also checks sysadmin logs per Provvedimento 27/11/2008. Dazr keeps both audit-ready year-round.

How Dazr helps with AgID

Pre-loaded ABSC controls at Minimo / Standard / Alto
Run AgID alongside ISO 27001, GDPR and AGID Cloud Qualification in one workspace
Sysadmin-log review scheduled and tracked per Provvedimento Garante
Supplier register cascading AgID obligations
Hand the auditor a read-only view or a single-PDF audit trail

Back to the full Dazr Compliance overview › | Sign up free ›

AgID questions, answered.

What are the AgID Misure Minime?

Mandatory minimum ICT security measures for the Italian PA, in Circolare AgID 18/2017. ABSC controls at three levels - Minimo, Standard, Alto.

Who has to comply?

Every Italian Pubblica Amministrazione plus any private supplier processing PA data on their behalf.

How does this relate to NIS2?

ACN now supervises NIS2 in Italy. The AgID Misure Minime remain the operational baseline; NIS2 adds governance and reporting overlays. Run both in one workspace.

Where is data hosted?

European Union only. AES-256-GCM at rest. Italian entity, EU jurisdiction - native fit for Italian PA contracts.

Ready to start your AgID programme?

Free for one user. Pro €29/mo and Enterprise €299/mo are self-serve via Mollie. Custom (from €800/mo) is the only tier on a contract.

Open the portal All frameworks