The Decree determines minimum common information security requirements, which include common frameworks for information security management and basic controls to ensure information security in the state administration, unless otherwise provided by the decree. It applies to state administration bodies (hereinafter: the body) and to other state bodies, local authorities, public agencies and holders of public authority and other entities that are connected with the central information and communication system (hereinafter referred to as the connected entity).