Alignment to the NIS2 Directive

5 Ways Armis Addresses NIS2

The updated NIS2 directive has been designed to expand the scope of the original , while introducing new requirements to guarantee the availability and uptime of critical services a company or critical national infrastructure operator provides. The directive was passed into law on January 16th, 2023, with a 21-month readiness window and became national law in October 2024.

NIS enshrined cybersecurity responsibility into European law for a much broader group of industry sectors across the market. The original industries defined in NIS were classified as ‘essential’ and included Healthcare, Drinking Water, Finance etc. (See table 1.1)

NIS2 introduces a new and broader category, ‘important’ entities, which includes Postal and Courier Services and Food and Manufacturing, and covers a much broader set of industries. The law is designed to improve the operational and cyber resilience of organizations and reduce the impact of cyber-attacks, especially for services which the public and economy require to function.

Organizations subject to NIS2 must “take appropriate and proportionate technical, operational and organizational measures to manage the risks posed to the security of network and information systems which those entities use for their operations or for the provision of their services, and to prevent or minimize the impact of incidents on recipients of their services and on other services”.

Topics discussed in the white paper include:

• Alignment to the NIS2 directive
• Operational blind spots
• Why outsourcing cyber services does not outsource the responsibility
• Challenges with having too many tools and too many data points
• 5 ways Armis helps to achieve NIS2 Compliance