The updated NIS2 directive has been designed to expand the scope of the original, while introducing new requirements to guarantee the availability and uptime of critical services a company or critical national infrastructure operator provides. The directive was passed into law on January 16th, 2023, with a 21-month readiness window and goes live in October 2024.
The original industries defined in NIS were classified as ‘essential’ and included Healthcare, Drinking Water, Finance etc. NIS2 introduces a new and broader category, ‘important’ entities, which includes Postal and Courier Services and Food and Manufacturing, and covers a much broader set of industries. The European law is designed to improve the operational and cyber resilience of organizations and reduce the impact of cyber-attacks, especially for services which the public and economy require to function.
Topics discussed in the white paper include:
- Alignment to the NIS2 directive
- Operational blind spots
- Why outsourcing cyber services does not outsource the responsibility
- Challenges with having too many tools and too many data points
- 5 ways Armis helps to achieve NIS2 Compliance