# MIM6: Securing Data

## Use Cases

Standalone use cases on the scope of this MIM are of limited value. Therefore, we intend to complement/share other use cases of other MIMs, in particular *MIM3 Exchanging Data*. The integration of (shared) use cases will take place in fall 2025.

(<mark style="color:orange;">see the</mark> [Use Case Information](broken://pages/7jgRJ8arY8upncXUJ4xI) <mark style="color:orange;">for additional information</mark>)

## Description

As cities become smarter and more technology-driven, they become a target for cyber attacks with significant consequences in terms of costs and loss of services. In order to deliver reliable digital services for citizens, cities have to continuously evaluate the cyber risks and to put in place security measures to prepare for cyber attacks.

The first version of MIM 6 focuses on addressing interoperability for secure data transfer. The limited scope is to get progress and later iterations can and probably will expand the scope.

## Specifications

(<mark style="color:orange;">see</mark> [Notes](broken://pages/Uao0uLDzqYDTPPPL1uiP) <mark style="color:orange;">for Specifications from an earlier version of this MIM. This list includes relevant Specifications for the current stage of development; more detailed information to be added in due course</mark>)

<table><thead><tr><th>Standard</th><th width="265">Description</th></tr></thead><tbody><tr><td><a href="https://www.iso.org/standard/27001">ISO 27001:2022</a></td><td>Information security, cybersecurity and privacy protection — Information security management systems — Requirements</td></tr><tr><td><a href="https://www.isa.org/standards-and-publications/isa-standards/isa-iec-62443-series-of-standards">IEC 62443</a></td><td>Requirements and processes for implementing and maintaining electronically secure industrial automation and control systems.</td></tr></tbody></table>

{% hint style="info" %}
**MIM6 Plus** (EU version): EU Directives and overarching acts are not specifications but often point to relevant specifications. The following provides a non-comprehensive list of EU regulations with direct relevance for the EU version of MIM6 - and possible guidance for the global MIM6 version.&#x20;

* [NIS2](https://digital-strategy.ec.europa.eu/en/policies/nis2-directive), or *Network and Information Systems 2*, is an EU-wide legislation on cybersecurity. It provides legal measures to boost the overall level of cybersecurity in the EU and is an important driver for cities working with secure data sharing.
* [CRA](https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act), or the Cyber Resilience Act, sets cybersecurity standards of digital products.&#x20;
* [RED](https://single-market-economy.ec.europa.eu/sectors/electrical-and-electronic-engineering-industries-eei/radio-equipment-directive-red_en), or the *Radio Equipment Directive*, establishes a regulatory framework for ensuring "safety and health, electromagnetic compatibility, and the efficient use of the radio spectrum" when operating radio equipment. It also covers interoperability requirements.&#x20;
  {% endhint %}

## Interoperability Guidance

TBD

## Conformance and compliance testing

TBD


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://mims.oascities.org/securing-data/mim6-securing-data.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.