Cybersecurity Framework: Version 5.0
Uruguay’s digital ecosystem has taken a key step forward in the field of cybersecurity with the release of version 5.0 of the AGESIC Cybersecurity Framework, which replaces version 4.2 and modernizes the national strategy. The update is not only technical: it also introduces new responsibilities at the executive level and a more stringent regulatory framework. International alignment – The Framework is updated to align with NIST CSF 2.0, incorporating the new “Govern (GV)” function alongside Identify, Protect, Detect, Respond, and Recover. This reinforces the strategic role of cybersecurity in organizational management. 72 requirements structured in 6 functions – Version 5.0 is structured around 72 concrete requirements, including sector‑specific best practices for sensitive domains such as health and payment systems. This makes it easier for organizations to tailor the framework to their operational reality. Adjustments to the maturity model – Changes are introduced in the formal 5‑level maturity model already in use, adding objectivity to evaluations by tying each level to specific controls that are explicitly defined. Strengthened guidance – Along with the new version, AGESIC published an Implementation Guide and an Audit Guide, which define how to apply the framework, evidence controls, and face internal or external audits. Broader regulatory reach – Decree No. 66/2025 expands the obligation: in addition to public institutions, certain private enterprises that provide critical services to the State must comply with the Framework. What was once a “best practice” becomes a legal requirement for many key actors. For organizations already working under version 4.2, the main migration challenges center on: Governance: assigning cybersecurity responsibilities at the executive level and formalizing the strategy. Maturity: defining a target maturity level and developing a remediation/improvement plan taking into account the controls required at each stage. Sector specificity & regulation: complying with industry‑specific requirements and adapting to new legal obligations. Version 5.0 of the Cybersecurity Framework represents an evolution toward a more comprehensive, modern, and enforceable scheme — aligned with international standards and with a clear focus on executive accountability. Uruguay thereby reinforces its commitment to more robust cybersecurity, both in the public sector and among critical private services. Datasec has been a companion to AGESIC for many years in assessing compliance with the Cybersecurity Framework, supporting both public agencies and private companies in their adoption processes. Today, the company takes a further step and positions itself as a strategic partner for those transitioning to version 5.0. Its team combines local experience, regulatory knowledge, and international methodologies to provide end‑to‑end support: from initial diagnosis to implementation of improvements and audit readiness. The value of working with Datasec lies in its ability to transform a regulatory requirement into an opportunity for institutional growth. It’s not just about compliance — it’s about strengthening digital resilience, optimizing management processes, and building trust among clients, users, and society at large. With flexible solutions adapted to each sector, Datasec is ready to turn cybersecurity into a competitive differentiator and a pillar of digital trust for Uruguay’s future. — For more information, write to us at contacto@datasec-soft.com Cybersecurity Framework: Version 5.0
Main updates in version 5.0
What it means in practice?
Datasec’s commitment to cybersecurity in Uruguay