SecurityGate Implements NIS2 Directive Article 21.2 Cybersecurity Risk Management Measures into Platform

We are thrilled to announce the release of a NIS2 Directive Article 21.2 assessment on our platform. This will help our European customer base comply with the directive’s requirements and strengthen their cybersecurity resilience. In this article, we share information about the directive, the importance of Article 21.2, and how the SecurityGate Platform can help.

 

What is the NIS2 Directive?  

The NIS2 directive regulates cybersecurity for companies and government agencies. The directive will take effect as national law, which means that each organization encompassed by the directive will be required to meet its requirements. NIS2 aims to bolster the cybersecurity of critical infrastructure sectors by enhancing the collective efforts of EU member states through increased cybersecurity enforcement requirements.

Member states must implement and disclose measures to comply with the regulations by October 17, 2024. Once the directive has been implemented, companies that do not comply with NIS2 will be subject to significant fines based on whether they are categorized as essential or important.  

The number of covered sectors is increasing because the NIS2 Commission wants all organizations that maintain a critical societal position to be encompassed by the directive to strengthen Europe’s cyber resilience. The directive covers 15 sectors, including Energy, Drinking and Wastewater, Chemicals, and Transportation.  

 

What is the Importance of Article 21.2?  

Organizations are required to adopt robust cybersecurity practices by adhering to Article 21.2. Article 21.2 outlines ten minimum security measures for information systems, including risk assessments, security policies, incident handling plans, and business continuity plans. 

Complying with Article 21.2 improves organizational resilience and contributes to the overall security of the EU’s digital infrastructure, resulting in a safer cyber environment for businesses and individuals. 

 

Prior to Beginning a NIS2 Assessment in the SecurityGate Platform 

The 29 security measures covered in the assessment are linked to default weights. Users can set the weight of each security measure via the Weighted Model workflow prior to beginning the assessment. For instance, if the organization determines that system segregation should weigh more than logging, users can configure the weights accordingly and apply them to the assessment.

 

How to Conduct a NIS2 Assessment Within the SecurityGate Platform   

The NIS2 assessment in the SecurityGate Platform covers the Minimum-Security Measures for Operators of Essential Services (OESs), namely Energy, Transportation, Drinking & Wastewater, Chemicals, and Production.

The assessment includes four security domains, 11 sub-domains, and 72 security questions tailored to the security measures. All security questions are mapped to NIS2 Directive Article 21.2 (a)-(j) requirements.  

Moreover, this assessment maps security measures to international standards such as NIST CSF, ISO 27001, and ISA/IEC 62443 in the “info” column.  

 

NIS2 Assessment Grid

 

When taking the assessment, you have supplemental guidance in the “Evidence” column, which recommends the evidence (such as report documents, policies, and records) to include in the assessment for compliance verification. It also includes other relevant information such as the control domain and subdomain.

 

 

After completing the assessment, you will be able to view insights in the Main Dashboard.  

 

 

A report will also be generated, which provides detailed assessment results.  

 

 

Ready to Start Your NIS2 Assessment?  

If your organization is located in one of the member states subject to the directive, SecurityGate can help you quickly start conducting a NIS2 assessment tailored to your needs. Our platform provides a secure location to distribute and collect assessment data, handling all the heavy lifting for you.

If you are ready to start your NIS2 assessment, book a demo or contact our team about getting started with the SecurityGate Platform.  

Taylor Petry

Taylor is Marketing Specialist II at SecurityGate. She was named 2021 Cybersecurity PR Professional of the Year by the Cybersecurity Excellence Awards.
