Network and Information Security Directive (NIS) 

The Network and Information Security (NIS) Directive is the cybersecurity legislation across the European Union. Its main goal is to achieve a consistent and high level of cybersecurity among all Member States.

NIS2 refers to the second iteration of the Network and Information Security Directive. It is updated legislation aimed at enhancing cybersecurity measures within the European Union. NIS2 seeks to strengthen the protection of critical infrastructure, promote incident reporting, and improve cooperation among Member States to mitigate cyber threats.

Member States are required to adopt a national cybersecurity strategy defining the strategic objectives and appropriate policy and regulatory measures with a view to achieving and maintaining a high level of cybersecurity.

The Directive also establishes a framework for Coordinated Vulnerability Disclosure and requires Member States to designate Computer Security Incident Response Teams (CSIRTs) to act as trusted intermediaries and facilitate the interaction between the reporting entities and the manufacturers or providers of ICT products and ICT services. ENISA is required to develop and maintain a European vulnerability registry for the discovered vulnerabilities.

Member States are required to put in place National Cybersecurity Crisis Management Frameworks, inter alia by designating national competent authorities responsible for the management of large-scale cybersecurity incidents and crises.

Member States are also required to designate one or more national competent authorities on cybersecurity for the supervisory tasks under this Directive and a national single point of contact on cybersecurity (SPOC) to exercise a liaison function to ensure cross-border cooperation of Member State authorities. Member States are also required to designate CSIRTs.

The Directive requires Member States to provide that the management bodies of all entities under the scope approve the cybersecurity risk management measures taken by the respective entities and follow specific cybersecurity-related training.

Member States are required to ensure that entities under the scope take appropriate and proportionate technical and organisational measures to manage the cybersecurity risks posed to the security of network and information systems. They are also required to ensure that entities notify the national competent authorities or the Computer Security Incident Response Teams (CSIRTs) of any cybersecurity incident having a significant impact on the provision of the service they provide.

Top Level Domain (TLD) registries and the entities providing domain name registration services for the TLD shall collect and maintain accurate and complete domain name registration data. Furthermore, such entities are required to provide efficient access to domain registration data for legitimate access seekers.

Each Member State shall adopt a national cybersecurity strategy defining the strategic objectives and appropriate policy and regulatory measures, with a view to achieving and maintaining a high level of cybersecurity.

Art. 5: National cybersecurity strategy 

Any of the Soliton Products perfectly fits into IT security frameworks. Depending on the type of framework one or more required items are fulfilled with G/On.

Any of the Soliton Products perfectly fits into IT security frameworks. Depending on the type of framework one or more required items are fulfilled with MailZen.

Any of the Soliton Products perfectly fits into IT security frameworks. Depending on the type of framework one or more required items are fulfilled with NetAttest EPS.

Member States shall ensure that essential and important entities shall take appropriate and proportionate technical and organisational measures to manage the risks posed to the security of network and information systems which those entities use in the provision of their services. Having regard to the state of the art, those measures shall ensure a level of security of network and information systems appropriate to the risk presented.

Article 18: Cybersecurity risk management measures

(d) supply chain security including security-related aspects concerning the relationships between each entity and its suppliers or service providers such as providers of data storage and processing services or managed security services;

(e) security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure;

(g) the use of cryptography and encryption.

The key element of NIS2 is building towards a higher level of resilience against cybercrime and its effects. Soliton Systems products can help you address a large number of the requirements set within the aforementioned frameworks.

As one example, G/On creates a virtual shield to ensure that possible vulnerabilities within the application are not exposed to the internet, while maintaining full capabilities.

By prioritizing network protection against unauthorized access, G/On guarantees complete encryption between end-users and the infrastructure that hosts the necessary application.

MailZen is a product that also shields internet-facing applications from being visible from the internet, ensuring protection from current and future vulnerabilities in, for example, On-Prem Exchange.

By prioritizing network protection against unauthorized access, MailZen guarantees complete encryption between end-users and the infrastructure that hosts the necessary application.

Whereas other products address data integrity and potential vulnerabilities, NetAttest EPS takes care of the risks introduced by the end-user. The goal is to remove or reduce end-user interaction in the security authentication process. By establishing certificate-based network authentication