Compliance with the NIS 2 Directive
The NIS Directive was the first EU initiative to establish a uniform regulatory framework for cybersecurity, and the NIS 2 Directive aims to close the existing gaps.
It introduces stricter requirements for risk management and incident reporting. EU Member States have until 17 October 2024 to transpose NIS 2 into national law.
NIS 2 at a glance: Article 21
NIS 2 extends the scope of the legislation to more sectors, such as energy, transport, banking, financial market infrastructures, health, drinking water, waste water, digital infrastructures, ICT service management, public administration and space.
Perhaps the most relevant aspect is addressed in Article 21 of EU Directive 2022/2555, entitled "Cybersecurity risk management measures". These measures are based on a multi-risk approach aimed at protecting networks and information systems and their physical environment from incidents, and include at least the following elements:
- information systems security policy and risk analysis
- incident management
- business continuity, such as backup management and disaster recovery, and crisis management
- supply chain security, including security aspects relating to the relationship between each entity and its direct suppliers or service providers
- security of procurement, development and maintenance of computer and network systems, including vulnerability management and disclosure
- strategies and procedures for assessing the effectiveness of cyber security risk management measures
- basic cyber hygiene practices and cyber security training
- policies and procedures relating to the use of encryption and, where appropriate, scrambling
- human resources security, access control strategies and asset management
- use of multi-factor or continuous authentication solutions; secure voice, video and text communications; and secure internal emergency communication systems, where appropriate.
Benefits of ReeVo for NIS 2
The breadth of ReeVo's service portfolio and its integration offer the optimal response to the need to comply with the new directive.
See the mapping of ReeVo services to Article 21 measures.
Mapping of ReeVo services to NIS 2 measures
| Article 21 measure | ReeVo service |
| --- | --- |
| Information Systems Security Risk Analysis and Policies | Cyber Risk Assessment, Cyber Attack Simulation, Cyber Threat Intelligence |
| Incident Management | 24/7/365 ReeVo SOC H and Incident Response Service |
| Business Continuity | ReeVo Cloud Backup & Disaster Recovery |
| Supply Chain Security | Cyber Threat Intelligence |
| IT and network systems acquisition, development and maintenance, vulnerability management and disclosure | Vulnerability management (continuous vulnerability assessment), cyber-attack simulation |
| Strategies and procedures for assessing the effectiveness of cyber security risk management measures | Specialised consultancy activities |
| Basic cyber hygiene practices and cybersecurity training | ReeVo awareness platform |
| Policies and procedures related to the use of encryption and scrambling | ReeVo Document Encryption |
| Multi-factor authentication or continuous authentication solutions, secure voice, video and text communications, and secure internal emergency communication systems, where appropriate | Work with certified ReeVo business partners |