N2SF Overview
The National Network Security Framework (N2SF) is a new public security model that classifies security levels according to data importance and risk (MLS) instead of traditional physical network isolation and applies optimized security controls accordingly. It aims to enable the public sector to safely use the latest technologies like AI and cloud while thoroughly protecting national information assets. The Security Guideline 1.0 was officially released in September 2025, and in May 2026 the revised national cybersecurity directive abolished the blanket network-separation mandate in favor of C/S/O classification with differentiated controls.
Multi-Level Security (MLS) Layers
Key provisions and requirements of N2SF (National Network Security Framework).
C
Classified Systems
Systems handling classified information whose disclosure could seriously harm national security.
Key Requirements
- Strong controls equivalent to physical/logical network isolation
- Strict data encryption and integrity assurance
- Highest level of Zero Trust authentication framework
S
Sensitive Systems
Systems handling sensitive information that is not classified but whose disclosure could significantly affect government operations or citizens' interests.
Key Requirements
- Differentiated security controls based on risk assessment
- Granular Role-Based Access Control (RBAC)
- Continuous security monitoring and real-time threat response
O
Open Systems
Systems handling releasable information, with the highest flexibility for internet connectivity, cloud, commercial SaaS and AI services.
Key Requirements
- Security focused on service availability and user convenience
- Utilization of cloud-native security tools
- Preventing indiscriminate data training by AI services and ensuring transparency