NIS2 Directive
Summary
Regulation: Network and Information Security Directive 2 (Directive (EU) 2022/2555)
Abbreviation: NIS2
Governs these parties: Organizations classified as essential or important entities in critical sectors such as energy, transportation, banking, financial market infrastructure, health, drinking water and wastewater, digital infrastructure, ICT service management, and public administration.
Enforced by: The national competent authorities of each EU member state, under the national laws that transpose the directive.
Details
The Network and Information Security Directive 2 (NIS2) is a European Union directive aimed at strengthening cybersecurity across critical sectors. As a directive rather than a regulation, it takes effect through each member state's national law; member states were required to transpose it by 17 October 2024. It replaces the original NIS Directive (2016) by broadening the scope of covered sectors and entities, introducing stricter security requirements, and imposing harsher penalties for non-compliance. NIS2 requires in-scope organizations to implement appropriate and proportionate measures to protect their networks, information systems, and data from cyber threats.
The rest of this document is designed to help our community understand NIS2 better by outlining the following:
How this regulation relates to cybersecurity
NIS2 requires organizations in critical sectors to implement cybersecurity risk management measures that protect their networks, systems, and data. These requirements include:
- Access control and network security: Preventing unauthorized access, data breaches, and system disruptions, including the use of multi-factor authentication and cryptography where appropriate.
- Incident management: Strengthening incident detection, response, and recovery processes.
- Supply chain security: Ensuring vendors and third-party service providers meet the organization's security standards.
- Business continuity planning: Maintaining backups, disaster recovery, and crisis management so operations can continue through a cybersecurity incident.
- Regulatory reporting: Mandatory reporting of significant cybersecurity incidents to the national CSIRT or competent authority, with an early warning within 24 hours of becoming aware of the incident, an incident notification within 72 hours, and a final report within one month.
How Coro helps to handle compliance
At Coro, we regularly track updates to the directive so that the protections we apply to your systems reflect current best practice in the areas we cover.
The following table outlines the NIS2 requirements that Coro addresses in conjunction with Microsoft 365 or Google Workspace.
Disclaimer
This table does not guarantee that your organization is compliant with NIS2 or the national law that implements it. Coverage of a requirement by a product control is one input to a compliance assessment, not a substitute for it. As a best practice, seek assistance from a certified auditor when completing your analysis.
Category | Requirement | How Coro does it |
---|---|---|
Cloud Security & Privacy | Malware and ransomware | Detects and remediates malware and ransomware files in cloud drives. |
Cloud Security & Privacy | Cloud app account takeover | Monitors access to cloud apps and tracks user and admin activities. |
Cloud Security & Privacy | Data governance for cloud drives | Provides data detection and governance for regulatory and business-sensitive data. |
Cloud Security & Privacy | Third-party app protection | Enforces security controls over third-party apps connected to the cloud tenant. |
Cloud Security & Privacy | Audit and activity logs | Archives all system activities, supporting referencing and auditing. |
Data Governance | Data distribution governance and role management | Provides data governance and control policies for sensitive data in cloud apps and email. |
Data Governance | Security and business-specific data monitoring | Monitors for sensitive data according to business and security best practices, such as passwords, certificates, source code, and proprietary data. |
Data Governance | Personal data monitoring | Monitors for personally identifiable information (PII): information that can be used to identify, contact, or distinguish one person from another. |
Data Governance | Credit card data monitoring | Monitors for personal credit card information. |
Data Governance | Personal health data monitoring | Monitors for personal health information (PHI) that healthcare professionals collect to identify an individual and determine appropriate care. |
Data Governance | Non-public data monitoring | Monitors for non-public personal information (NPI), the financial and account data that service providers collect about an individual. |
Data Governance | Audit and activity logs | Archives all system activities, supporting referencing and auditing. |
Email Security & Privacy | Generic and spear phishing | Detects and remediates social engineering attacks based on email content analysis. |
Email Security & Privacy | Identity spoofing | Detects and remediates social engineering attacks based on adaptive identity monitoring. |
Email Security & Privacy | Malware and ransomware | Detects and remediates malware and ransomware in email attachments. |
Email Security & Privacy | Embedded links to malicious URLs | Detects and remediates embedded links to malicious URLs. |
Email Security & Privacy | Business email compromise (BEC) | Scans business email, and detects and protects against social engineering attacks. |
Email Security & Privacy | Data governance for emails | Scans for sensitive data in emails and detects security violations. |
Email Security & Privacy | Audit and activity logs | Archives all system activities, supporting referencing and auditing. |
Endpoint Security & Privacy | Malware and ransomware | The EDR module protects devices from malware, ransomware, and other malicious activity, improving device security posture. |
Endpoint Security & Privacy | Advanced threat protection | The EDR module actively detects and responds to advanced threats that target endpoint devices. |
Endpoint Security & Privacy | Device security posture | Identifies security vulnerabilities and misconfigurations on endpoint devices, enforcing best practices for device security posture. |
Endpoint Security & Privacy | Secured local backups | The Coro Agent uses Windows VSS (Volume Shadow Copy Service) to automatically create snapshots of files on the endpoint device, so files altered or deleted by malicious activity can be restored from a snapshot. |
Endpoint Security & Privacy | Breach localization and analysis | Enables post-breach analysis of endpoint device activity across the organization. |
Endpoint Security & Privacy | Data governance for endpoint device drives | Scans for sensitive data on endpoint device drives and detects security violations. |
Endpoint Security & Privacy | Audit and activity logs | Archives all system activities, supporting referencing and auditing. |
Network Security | Zero trust network access (ZTNA) | Establishes granular, identity-based access control, ensuring that only authorized users or devices can access specific resources. |
Network Security | Virtual private network (VPN) | Establishes an encrypted tunnel between devices and a remote server, so that transmitted data cannot be read or tampered with by attackers or third parties on the path. |
Network Security | DNS filtering | Blocks DNS resolution of domains that policy classifies as malicious or undesired, preventing access to those resources. |
Network Security | Audit and activity logs | Archives all system activities, supporting referencing and auditing. |
Security Awareness Training | Phishing simulations | Sends simulated phishing emails to users to measure and raise security awareness. |
Security Awareness Training | Security training | Enrolls users in training courses to raise awareness of cybersecurity risks. |