What is the NIS2 Directive?

The Importance of the NIS2 Directive

NIS2 creates a standard set of cybersecurity requirements for organizations providing essential or important services to EU member states. By doing so, it reduces the risk that cyberattacks against these organizations could result in significant repercussions for EU citizens.

What are the NIS2 Requirements?

NIS2 creates four sets of high-level organizational requirements, including:

• Risk Management: Organizations should manage their cyber risks via incident response, supply chain security, network security, access control, and the use of encryption.
• Corporate Accountability: Corporate management is accountable for the organization’s security and should take an active, informed role in cyber risk management.
• Reporting Obligations: NIS2 defines reporting requirements for significant security incidents, including a 24-hour “early warning”.
• Business Continuity: Affected organizations should have business continuity strategies in place, including creating recovery plans, emergency procedures, and a crisis response team.

Additionally, it specifies a set of ten minimum requirements, which include:

1. Performing risk assessments and implementing security policies for IT systems.
2. Implementing policies and procedures for the use of cryptography and encryption.
3. Securing and managing vulnerabilities in system procurement.
4. Implementing security procedures for users who can access sensitive data.
5. Using multi-factor authentication (MFA), continuous authentication, and encrypted communications when appropriate.
6. Evaluating the effectiveness of the security controls put in place.
7. Planning for incident detection and response.
8. Training employees on basic computer hygiene.
9. Planning for business continuity and disaster recovery (backups, continued access, etc.)
10. Securing the supply chain and how the company manages potential vulnerabilities in third-party relationships.

Ensure that Your Business is in Compliance with the NIS2 with IGS

The NIS2 directive is designed to limit the risk that cyberattacks against essential and important entities within the EU will impact their ability to provide services to EU citizens. This update to the original NIS expands the scope of the directive, implements updated requirements, and provides regulators with the power to levy additional, more stringent penalties against organizations that fail to comply with its requirements.

Achieving compliance with the NIS2 directive by deadlines in Q4 2024 is essential for all affected organizations and requires the implementation of a robust cybersecurity program. Check Point offers support for companies attempting to achieve this and other cybersecurity goals through its Infinity Global Services program.

Check Point’s NIS2/DORA Readiness Assessment involves an on-site assessment by senior Check Point consultants of an organization’s existing compliance with the NIS2 directive. Based on this assessment, Check Point provides guidance on how organizations can close identified security gaps and achieve compliance with the standard. For more information on how to achieve your NIS2 compliance goals before the deadline, contact us.