What is NIS2?

YOUR PARTNER IN THE LEADING IT HUB IN SOUTHEAST EUROPE/EASTERN EUROPE
The NIS2 Directive is the EU-wide legislation on cybersecurity. It provides legal measures to boost the overall level of cybersecurity in the EU. It is a revision of the Network and Information Systems Directive (NIS) from 2016 and sets out the minimum measures to be taken to ensure a high common level of cybersecurity. All member states must transpose NIS2 into their national legislation by October 2024!

Who needs to comply?

Your company is affected by NIS2 if:
➤ It is in a significant or essential sector and industry;
➤ It is large enough;
➤ It is a supplier to a company of Category 1 and 2.

Significant sectors and industries are:

● Energy

● Transport

● Financial institutions

● Market infrastructure

● Drinking water

● Wastewater

● Digital infrastructure and providers

● Public administration

● Space activities

Essential sectors and industries are:

● Postal services

● Waste management

● Chemical products

● Manufacturing, distribution, and production of food

● Manufacturing and production of pharmaceuticals, electronics, optical equipment, machinery, vehicles

● Healthcare

How to comply?

This can be said for certain only once all national laws have been passed (due date October 2024). Companies that operate (as suppliers) in more than one EU country may have to comply with more than one national law. However, these laws must at least implement the minimum measures (Chapter 4, Article 21) from the directive:

(a) policies on risk analysis and information system security;

(b) incident handling;

(c) business continuity, such as backup management and disaster recovery, and crisis management;

(d) supply chain security, including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers;

(e) security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure;

(f) policies and procedures to assess the effectiveness of cybersecurity risk-management measures;

(g) basic cyber hygiene practices and cybersecurity training;

(h) policies and procedures regarding the use of cryptography and, where appropriate, encryption;

(i) human resources security, access control policies and asset management;

(j) the use of multi-factor authentication or continuous authentication solutions, secured voice, video and text communications and secured emergency communication systems within the entity, where appropriate.

How can Identity Management help my enterprise to achieve NIS2 compliance?

Identity Management can support NIS2 compliance for almost every measure listed above. Specific features of Identity Governance and Administration (IGA), Access Management (AM) and Privileged Access Management (PAM) solutions, used alone or in a platform, can give you the means to fulfill what is requested. Such features include, for example, the dashboards and reports of IGA tools, the security event information of AM tools, the monitoring of privileged sessions in PAM, and the Joiner-Mover-Leaver processes in IGA tools.

Can you support me with the compliance process?

We certainly can! Book a free appointment with us and we will discuss the next steps!

Our Advantage

With more than 15 years of experience in Near Shore, we are high-level consultants who speak English and German, thus creating an On Shore feeling.