This month, the Bundestag will decide on the implementation of the NIS 2 Directive (Network and Information Security). This EU-wide directive is intended to strengthen cyber security, and the member states are obliged to transpose it into national law. NIS 2 significantly expands the scope of the original regulation, meaning that many more companies and facilities are now classified as “important” or even “particularly important”. Those that fall under these categories must commit to more stringent IT security precautions and comply with numerous new requirements. For example, registration, verification and reporting obligations to the Federal Office for Information Security (BSI) apply.
Find out at an early stage whether you are affected. The BSI has developed an online check for this purpose.
Our experts are happy to advise you on how you can meet the technical requirements for a NIS 2-compliant communication and data network through consistent monitoring.
In addition, we recommend that you take this checklist into account with regard to NIS-2.
1. Designate and empower responsible persons:
Designate at least two people to take responsibility for information security and ensure that they are appropriately trained and prepared.
2. Take responsibility as company management:
Find out about your risk management responsibilities and appropriate training opportunities.
3. Carry out an information security inventory:
- For SMEs: Have a qualified service provider carry out an initial cyber risk check in accordance with DIN SPEC 27076.
- For larger companies: Check whether your existing measures are sufficient and immediately implement an ISMS in accordance with IT-Grundschutz or ISO 27001/2.
- As a general rule, have your measures checked or audited externally to identify potential gaps.
4. Continuous improvement of information security:
Implement the requirements of the NIS 2 directive in the following areas:
- Risk management
- Management of security incidents
- Business continuity, backup management, crisis management
- Security of the supply chain
- Cyber hygiene and information security training
- Use of cryptography and encryption
- Security concepts for personnel, access control and asset management
- Use of secure communication solutions
5. Preparation for reporting obligations and dealing with warnings:
- Implement processes for the immediate reporting of security incidents.
- Set up reception points for BSI warnings and situation reports, if necessary 24/7.
- Become a member of the Alliance for Cyber Security and/or the UP KRITIS to receive early warnings and situation reports.
If you follow these tips, you will be well prepared for NIS-2.