First version: 2023-11-03
Last update: 2024-11-19
Last change(s): Updated the NIS2 mapping table
NIS2 Update
The NIS2 directive is upcoming and as you have come to know, anDREa B.V. is keeping a close eye on what this means and how organizations can prepare for this. Recently, we wrote
this blog article about possible preparation steps and (hefty) sanctions for non-compliance. NIS2 is gaining rightfully more attention but how do we keep up?
Inspired by our visit to CyberSec The Netherlands, where NIS2 was a major point of interest, we have a small, yet interesting update on the NIS2 we would like to share with you.
The Netherlands will implement NIS2 as-is
Interesting side-note : NIS2 is among others needed for making sure everyone has the same base level of cybersecurity on an European level. In turn, this should promote international collaborations. However, as noted in the webinar, the guideline leaves room to implement additional requirements on a national level. In our opinion, this is quite contradictory. If you would think in terms of our Workspaces and the international collaborations that take place. It could very well be that there would be additional measures needed for one country but not in the Netherlands. We are very curious how this will play out.
Mapping table NIS2 to ISO27001
Nevertheless, preparation is key. In our previous blog, we noted that if your organization is ISO27001 certified, you are well on your way to be NIS2-compliant. For your convenience, we have compiled a mapping table from NIS2 article 21 to ISO27001:2017 and ISO27001:2022. Note that ISO27001:2022 is the latest version, however as anDREa is ISO27001:2017 certified, we provide the mapping table from NIS2 to ISO27001:2017 with some convenient links to our own public policies and controls. Annex controls and clauses for ISO27001:2017 correspond on the same row with their ISO27001:2022 counterparts.
We value your feedback! Please let us know if these blog articles and updates are helpful to you and/or your organization.
Sources:
Related Articles
2021-W33 Update from anDREa
This should be the first of many where we will update you on released and upcoming features, things that are happening at anDREa, etc. Recently added features/improvements Type Description Bug Daily snapshot missing on some of the new and migrated ...
2021-W51 anDREa Update
Last weekly update from anDREa in 2021 The current year has been an exciting year for anDREa. Quite some researchers have been using the platform since the researchenvironment.org days, the DRE on the Radboudumc Azure cloud. In March 2021, mydre.org ...
myDRE is NOT vulnerable for CVE-2022-26809 - Serious Vulnerabilities in Microsoft Windows Workplaces and Servers
Situation Last “patch Tuesday” Microsoft disclosed and fixed a large number of serious vulnerabilities in Microsoft Windows. One of these vulnerabilities is identified as CVE-2022-26809 with a CVSS score of 9.8 (scale 1-10). CVE-2022-26809 is a ...
2021-W34 Update from anDREa
General Holidays affect the development capacity, but we're moving nicely forward. The good thing is that Microsoft sent us an Azure Sponsorship Offer that will help to move some backend improvements forward. One such thing is multi-region support. ...
Enhancing VM Performance & Security: Important Update Coming Soon
We're enhancing VM performance and security with the Azure Monitoring Agent (AMA), starting April 26th, 2024. This tool streamlines management and facilitates towards ISO27001/NIS2 compliance. Contact Research Support by April 26th, 17:00 if any VMs ...