NIS2 (Directive (EU) 2022/2555) Key Requirements #326

Open
peppelinux opened this issue Jun 19, 2024 · 0 comments

Below is the list of key requirements outlined in Directive (EU) 2022/2555, along with references to the originating article items from the directive text:

  1. National Cybersecurity Strategies:
    Member States must adopt national cybersecurity strategies and designate competent authorities, cyber crisis management authorities, single points of contact, and CSIRTs. (Article 1(2)(a))

  2. Cybersecurity Risk-Management Measures:
    Entities must implement cybersecurity risk-management measures and comply with reporting obligations. (Article 1(2)(b))

  3. Information Sharing:
    Rules and obligations on cybersecurity information sharing are established. (Article 1(2)(c))

  4. Supervisory and Enforcement Obligations:
    Member States are required to enforce supervisory and enforcement obligations. (Article 1(2)(d))

  5. Scope of the Directive:
    The Directive applies to various public or private entities, including those providing essential services and digital services. (Article 2)

  6. Incident Response:
    Entities must process personal data necessary for the purposes of this Directive in accordance with GDPR. (Article 14)

  7. Essential and Important Entities:
    Definitions and criteria for identifying essential and important entities are provided. (Article 3)

  8. Sector-Specific Legal Acts:
    Provisions where sector-specific Union legal acts intersect with this Directive. (Article 4)

  9. Minimum Harmonisation:
    Member States may adopt provisions ensuring a higher level of cybersecurity. (Article 5)

  10. Definitions:
    Definitions of terms used within the Directive, such as "network and information system" and "cybersecurity". (Article 6)

  11. National Cybersecurity Strategy Details:
    Details on what should be included in national cybersecurity strategies. (Article 7)

  12. Vulnerability Management:
    Policies for managing vulnerabilities, including promoting coordinated vulnerability disclosure. (Article 7(2)(c))

  13. Cybersecurity Certification and Encryption:
    Policies on cybersecurity-related requirements for ICT products and services in public procurement. (Article 7(2)(b))

  14. Incident Handling and Reporting:
    Entities must handle and report incidents according to specified procedures. (Various Articles)

  15. Protection of Information:
    Obligations to protect information and ensure confidentiality during information exchange. (Article 13)

@peppelinux changed the title from "NIS2" to "NIS2 (Directive (EU) 2022/2555) Key Requirements" on Jun 19, 2024