According to the NIS Directive, Member States should adopt a common set of baseline security requirements to ensure a minimum level of harmonized security measures across the EU and to enhance the overall level of security of operators providing essential services (OES) and digital service providers (DSP).

The NIS Directive sets three primary objectives:

  • to improve the national information security capabilities of the Member States;
  • to build mutual cooperation at EU level; and
  • to promote a culture of risk management and incident reporting among actors (OES and DSP) of importance for the maintenance of key economic and societal activities in the Union.

As part of the NIS series, we have already provided an overview of the Directive, and we have examined in detail the security requirements for DSPs and OES.

To assist organizations in achieving compliance with the Directive, the European Union Agency for Cybersecurity (ENISA) and the UK’s National Cyber Security Centre (NCSC) have developed assessment frameworks.

ENISA’s Guidelines on Assessing DSP and OES Compliance

According to Articles 14, 15 and 16 of the NIS Directive, one of the key objectives is to introduce appropriate security measures for OES as well as for DSP, in order to achieve a common level of information security within the EU network and information systems. Information security audits and self-assessment/management exercises are the two major enablers to achieve this objective.

Figure 1: Information Security Audit Lifecycle. Source: ENISA

The main objective of the ENISA guidelines is to assist National Competent Authorities (NCA) in conducting audits and to assist DSP and OES across all EU Member States in complying with the requirements of the NIS Directive in the effort to achieve a baseline security level.

The objective of the guidelines is achieved by:

  1. Proposing the information security audit and self-assessment/management frameworks that can be applied by DSP and (Read more...)