NIS2

The NIS2 Directive is the EU’s updated cybersecurity regulation, enhancing resilience across critical sectors such as energy, finance, healthcare, digital infrastructure, and public administration. It expands coverage to medium-sized businesses, mandates stricter risk management measures (including incident response, supply chain security, and business continuity planning), and requires significant cyber incidents to be reported within 24 hours. Non-compliance can result in heavy fines (up to €10 million or 2% of annual revenue) and executive liability. NIS2 also strengthens cooperation between EU states, promoting a unified approach to cybersecurity. Organizations operating in or serving the EU must ensure compliance before the October 17, 2024 deadline.

Controls:

Establish and maintain a comprehensive NIS2 compliance framework.

  • Governance and Management - NIS2.FR.GM.1

    Establish clear governance structures and management responsibilities for NIS2 compliance.

  • Risk Management and Security Policies - NIS2.FR.RP.2

    Develop and implement risk management and cybersecurity policies aligned with NIS2.

  • Framework Review and Improvement - NIS2.FR.RI.3

    Regularly review and improve the NIS2 compliance framework to ensure effectiveness and adapt to evolving threats.

Implement robust cybersecurity risk management measures as required by NIS2.

  • Risk Assessment and Analysis - NIS2.RM.RA.1

    Conduct regular and comprehensive risk assessments to identify and analyze relevant cybersecurity risks.

  • Security Measures Implementation - NIS2.RM.SM.2

    Implement and maintain appropriate technical, organizational and procedural security measures to mitigate identified risks.

  • Incident Handling - NIS2.RM.IH.3

    Establish and maintain incident handling procedures to effectively manage and respond to cybersecurity incidents.

  • Business Continuity and Crisis Management - NIS2.RM.BC.4

    Implement business continuity and crisis management plans to ensure operational resilience in case of significant incidents.

  • Supply Chain Security - NIS2.RM.SC.5

    Address cybersecurity in the supply chain, including security aspects related to direct suppliers and service providers.

  • Network and Information Systems Security - NIS2.RM.NS.6

    Implement measures to ensure the security of network and information systems.

  • Security Awareness Training and Cyber Hygiene - NIS2.RM.ST.7

    Conduct regular security awareness training for staff and promote cyber hygiene practices.

  • Cybersecurity Policies and Procedures - NIS2.RM.PP.8

    Develop and implement specific cybersecurity policies and procedures for various security domains.

  • Cryptography and Encryption - NIS2.RM.CE.9

    Implement cryptography and encryption measures to protect data confidentiality and integrity.

  • Vulnerability Management and Security Testing - NIS2.RM.VM.10

    Establish vulnerability management and security testing practices to identify and address security weaknesses.

  • Access Control and Identity Management - NIS2.RM.AI.11

    Implement strong access control and identity management measures to manage user access and permissions.

Develop and maintain specific cybersecurity capabilities as required by NIS2.

  • Incident Detection Capabilities - NIS2.CC.ID.1

    Implement capabilities for timely and effective detection of cybersecurity incidents.

  • Security Logging and Monitoring - NIS2.CC.LM.2

    Implement comprehensive security logging and monitoring to provide visibility into security events.

  • Network Security Capabilities - NIS2.CC.NS.3

    Implement network security capabilities to protect against network-based threats.

  • Endpoint Security Capabilities - NIS2.CC.ES.4

    Implement endpoint security capabilities to protect user devices and prevent endpoint-based attacks.

  • Data Backup and Recovery Capabilities - NIS2.CC.BR.5

    Implement data backup and recovery capabilities to ensure data availability and business continuity.

  • Vulnerability Scanning Capabilities - NIS2.CC.VS.6

    Implement vulnerability scanning capabilities to regularly identify security vulnerabilities in IT systems.

  • Security Assessment Capabilities - NIS2.CC.SA.7

    Develop security assessment capabilities to evaluate the effectiveness of security measures and controls.

Establish cybersecurity communication and reporting mechanisms as required by NIS2.

  • Incident Reporting to Authorities - NIS2.CR.IA.1

    Establish procedures for reporting significant cybersecurity incidents to competent authorities as required by NIS2.

  • Internal Incident Communication - NIS2.CR.IC.2

    Establish internal communication channels and procedures for cybersecurity incidents.

  • Public Communication on Incidents - NIS2.CR.PC.3

    Establish guidelines for public communication regarding significant cybersecurity incidents.

  • Cybersecurity Information Sharing (Voluntary) - NIS2.CR.IS.4

    Establish mechanisms for voluntary sharing of cybersecurity information with relevant stakeholders and communities.

Implement specific measures for Digital Service Providers as outlined in NIS2.

  • Specific Security Measures for DSPs - NIS2.DSP.SM.1

    Implement specific security measures applicable to Digital Service Providers as defined in NIS2 Article 19.

  • Designated Representative within EU - NIS2.DSP.DR.2

    Designate a representative within the European Union if the DSP is not established in the EU.

Comply with the NIS2 supervisory and enforcement framework.

  • Cooperation with Competent Authorities - NIS2.SE.CA.1

    Cooperate fully with competent authorities in their supervisory and enforcement activities related to NIS2.

  • Information Provision to Authorities - NIS2.SE.IP.2

    Provide necessary information to competent authorities for supervisory purposes as required by NIS2.

  • Remediation of Identified Deficiencies - NIS2.SE.RD.3

    Implement remediation actions to address any deficiencies identified during supervisory activities or audits.

  • Compliance with Enforcement Actions - NIS2.SE.CE.4

    Comply with enforcement actions and measures imposed by competent authorities in case of NIS2 breaches.