Do you have more than 50 employees or more than 10 million euros in turnover? Or are you classified as a critical organization by the government? Then you probably know that NIS2 is coming your way.
The NIS2 Directive extends and builds upon the prior EU cybersecurity directive, NIS. Put forth by the European Commission, its purpose is to address and rectify the shortcomings identified in the original NIS directive.
The primary objective of NIS2 is to bolster the security of network and information systems across the European Union. It achieves this goal by mandating that operators of critical infrastructure and essential services adopt suitable security measures and promptly report any incidents to the appropriate authorities.
Growing threats from cyberspace and geopolitical developments are increasing the risk that critical infrastructure facilities will be compromised by cyberattacks. That sounds like a challenging task.
The NIS2 Directive (EU) 2022/2555 therefore came into force on 13 January 2023.
The aim of this directive is to achieve a high, standardized level of cybersecurity, particularly for critical facilities, service providers and authorities in the EU. Member states are required to transpose the requirements into national law by October 2024.
A total of 18 sectors are affected, which significantly expands the target group to companies with at least 50 employees and a minimum annual turnover of 10 million euros. National legislators can name additional specific entities that they categorize as "essential" or "important" entities and that should be regulated as such.
| High criticality sectors | Other critical sectors |
| --- | --- |
| Energy | Post and courier services |
| Transport | Waste management |
| Banking | Production, processing and distribution of food |
| Financial market infrastructure | Manufacturing/Production of goods |
| Health sector | Digital service provider |
| Potable water | Research |
| Sewage | |
| Digital infrastructure | |
| Management of ICT services (B2B) | |
| Public administration | |
| Space | |
In addition to expanding the sectors covered, NIS2 sets out specific requirements: an agreed minimum set of risk management measures, increased management responsibility, fixed reporting deadlines, and sanctions in the event of violations.
NIS2 emphasizes the responsibility of management. Legislators are serious about cybersecurity and are introducing stricter penalties for breaches. Companies must comply with three-stage reporting obligations in the event of serious security incidents (line 462ff. §31 reporting obligations), which apply in the event of operational disruptions or financial losses.
Late submissions can lead to penalties. It is therefore advisable to establish a reporting concept. This ensures that, in the event of a security incident, companies know which authorities need to be notified in order to meet the tight deadlines.
The aim of the NIS2 risk measures is to prevent security incidents or minimise their impact.
To this end, institutions must take appropriate technical, operational and organizational measures to control and minimise the risks to their network and information systems.
Overall, comprehensive security controls help to ensure the integrity, availability and confidentiality of systems and data. DriveLock solutions and their combination of prevention, detection and response mechanisms form a robust line of defence against a wide range of cyber threats.
Organizations and companies that address the following security measures are best prepared for a successful NIS2 transformation:
| Security Control | DriveLock Module |
| --- | --- |
| Inventory | Discovery |
| Media Protection | Device Control |
| Malware Defense | Application Control |
| Secure Configuration | Security Configuration Management |
| Data Protection | Encryption |
| Security Awareness | Security Awareness Campaigns |
| Vulnerability Management | Vulnerability Management |
| Privilege Control | User & Groups Management / SSO |
| Incident Response | Threat Detection & Response |
DriveLock helps you avoid cyberattacks and security incidents right from the start. Our technology helps to prevent security breaches, recognise potential threats early and take effective security measures before they become problems. Focus on proactivity and prevention instead of reactive measures.
Protect your end devices in just a few minutes at the touch of a button. Does DriveLock meet your requirements? Test our solutions easily and free of charge for 30 days.