Heimdal helps organizations get in line with the European Commission’s NIS 2 Directive, empowering them to prepare for and respond to cyber-risks and incidents. Implement fully compliant security controls with comprehensive asset, access, and vulnerability management, as well as a team of trained security experts that are always ready to lend a helping hand.
The European Commission’s NIS 2 Directive is a set of cybersecurity measures and recommendations that are meant to further enhance proactive protection and incident response strategies among relevant authorities, as well as public and private entities. It was designed as a replacement for the original NIS Directive, which failed to adapt in the face of the COVID-19 pandemic and its reshaping of the way society interacts with the digital world.
The NIS 2 Directive is aligned with the European Commission’s efforts to protect Europe in the digital age and ensure that its economy is future-proof. It was adopted by the European Parliament on November 10th, 2022, with the Council following suit on November 28th, 2022, effectively starting the repealing process of the previous NIS Directive.
The European Union is currently comprised of 27 European countries: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, and Sweden.
The NIS 2 Directive applies to all these territories, and should be implemented by all entities that reside and operate within them according to the following timeline:
According to Article 20 of the NIS 2 Directive, the responsibility for implementing and upholding these measures falls on the management bodies of the entities listed as essential by each Member State.
July 17th, 2024
The NIS 2 Directive applies to entities that operate in the private and public sectors within the European Union. This includes, but is not limited to, the health, energy, transport, and digital infrastructure sectors.
October 17th, 2024
By this date, the European Commission with lay down the technical and methodological requirements for each cybersecurity area covered by the NIS 2 Directive. Every Member State of the European Union must adopt and publish its measures to comply with it.
October 18th, 2024
Member States must apply their measures starting with this date. On this date, the previous NIS Directive will also be effectively repealed.
January 17th, 2025
On this date, the NIS Cooperation Group will establish a framework for peer reviews carried out by cybersecurity experts appointed by Member States. These will analyze the efforts made by each country towards compliance and find ways to strengthen and enhance them.
April 17th, 2025
All Member States will submit a list of essential entities, as well as entities that provide domain name registration services. This list will be updated every two years.
October 17th, 2025
Starting with this date and every 36 months thereafter, the European Commission will review the efficiency of the NIS 2 Directive and report back to the Parliament and Council.
According to Article 20 of the NIS 2 Directive, the responsibility for implementing and upholding these measures falls on the management bodies of the entities listed as essential by each Member State.
Compliance
Secops
IT
The NIS 2 Directive’s main goal is to empower entities from the EU’s Member States to prepare for and respond to cybersecurity incidents in a manner that is in tune with the current digital landscape. To achieve this, it covers areas such as:
Incident handling
Asset and vulnerability management
Access control
Risk analysis and management policies
Supply chain security
MFA and encryption
Disaster recovery and backup
| Controls |
Protected by Heimdal
|
Internal Company Policy | Out of Scope |
|---|---|---|---|
| Incident handling |
|
||
| Crisis management |
|
||
| Vulnerability management |
|
||
| Access control policies |
|
||
| Asset management |
|
||
| Cyber-hygiene practices |
|
||
| Risk analysis policies |
|
||
| Information security policies |
|
||
| Risk management assessment policies |
|
||
| Backup management |
|
||
| Supply chain security |
|
||
| Cryptography and encryption |
|
||
| MFA/continuous authentication |
|
||
GET A HEAD START ON CYBERSECURITY MEASURES
Heimdal’s cybersecurity solutions can help you cover vital areas for your company’s NIS 2 compliance.
Privileged Access Management 
