What is the NIS-2-Directive?

The NIS-2-Directive represents the EU-wide standard for cybersecurity and has a broader scope than the original NIS-Directive. This means that more entities and sectors are now subject to risk management and incident reporting requirements than before.

Affected organisations must take appropriate technical, operational and organisational measures to manage the security risks to the network and information systems they use for their operations or services. They must also take measures to prevent or minimise the impact of incidents on the users of their services as well as on other related services.

Who is Affected by the NIS-2-Directive?

The NIS-2-Directive affects entities from 18 sectors listed in Annexes I and II. These sectors are classified as “highly critical sectors” and “critical sectors”. In addition, the number of employees (>50) and the annual turnover or balance sheet total play a role in determining who is affected.

Requirements of the NIS-2-Directive

The affected companies must take various measures to improve their cybersecurity in order to meet the NIS-2 requirements. In accordance with Chapter IV, Article 21 of the NIS-2-Directive, the essential requirements include:

  • Concepts pertaining to risk analysis and security for information systems
  • Handling of security incidents
  • Maintaining business continuity measures such as backup-management and recovery after an emergency, and crisis management
  • Supply chain security including security-related aspects of the relationships between individual entities and their direct vendors and service providers
  • Security measures during the acquisition, development and maintenance of network and information systems, including management and disclosure of vulnerabilities
  • Concepts and procedures for evaluating the effectiveness of the risk management measures in the area of cybersecurity
  • Basic procedures in cyber hygiene and training in cybersecurity
  • Concepts and procedures for the use of cryptography and, if required, encryption
  • Personnel security, access control concepts, and personnel and asset management
  • Use of multi-factor authentication solutions or continuous authentication, secured voice, video and text communication and secure emergency communication within the organisation, if required

How HiScout Supports the Implementation of the NIS-2-Directive

The NIS-2-Directive does not prescribe a specific compliance framework. However, the requirements of NIS-2 can be mapped to the categories of the NIST Cybersecurity Framework (2013). It covers the NIS-2 goals and is relevant for both IT and OT network environments. The NIST Cybersecurity Framework consists of five core functions, which are covered by IT-Basic Protection, ISO 27001 and BCM as mapped in HiScout.

HiScout provides comprehensive support for fulfilling the NIS-2-Directive requirements and supports companies in increasing their IT security standards and complying with legal requirements. Our solutions cover the core requirements and offer extensive support for implementing NIS-2:

  • Risk management and information system security: Determining protection needs and risk analysis for security evaluation
  • Lifecycle management for the acquisition, development and maintenance of IT systems, components and processes
  • Management of vulnerabilities and security measures
  • Establishing third-party risk management
  • Developing a complete, comprehensible and scalable security control framework
  • Overcoming security incidents through effective incident management, crisis management and emergency planning
  • Maintaining Operations: Backup management and business continuity in case of an emergency situation and recovery after an incident
  • Secured Emergency Communication: Managing emergency response through trained crisis and emergency teams (BAO)
  • Awareness: Preparing for security incidents through training, exercises and tests

With HiScout, you are fully equipped to fulfil the NIS-2 requirements and maximise your IT security.

Learn more about the NIS-2-Directive and its Implementation in HiScout

Blog

Find out more in our blog about the NIS-2-Directive and how you can implement it in a structured manner with HiScout.

 


Webinar

You can find our latest video on the NIS-2-Directive and its implementation in HiScout on our YouTube channel.

 


Make Your Company fit for the NIS-2-Directive with HiScout

We are experts in the field of information security! Let us work together to find the best solutions for your organisation.

+49 (30) 33 00 888-0
sales@hiscout.com
