A key element of the NIS Directive is the obligation to implement appropriate security measures that have regard to the state of the art. The appropriateness of a specific measure has to be assessed using a risk-based approach, so there is no one-size-fits-all solution.
Since the entry into force of the NIS Directive in 2018, ENISA has been particularly active in providing guidance regarding sector-specific security measures:
- ENISA, Mapping of OES Security Requirements to Specific Sectors (2018)
- ENISA, Railway Cybersecurity (2020)
- ENISA, Cloud Security for Healthcare Services (2021)
- ENISA, Railway Cybersecurity – Good Practices in Cyber Risk Management (2021)
- ENISA, Methodology for Sectoral Cybersecurity Assessments (2021)
- ENISA, Security and Privacy for public DNS Resolvers (2022)
- ENISA, Risk Management Standards (2022)
ENISA documents of further interest:
- ENISA, Guidelines for Securing the Internet of Things (2020)
- ENISA, Guidelines – Cyber Risk Management for Ports (2020)
- ENISA, Security in 5G Specifications – Controls in 3GPP (2021)
- ENISA, Security Framework for Trust Service Providers (2021)
- ENISA, Security Framework for Qualified Trust Service Providers (2021)
- ENISA, Recommendations for Qualified Trust Service Providers based on Standards (2021)
- ENISA, Guideline on Security Measures under the EECC (2021)
- ENISA, 5G Supplement – to the Guideline on Security Measures under the EECC (2021)
- ENISA, Cybersecurity guide for SMEs – 12 steps to securing your business (2021)
- ENISA, Cybersecurity for SMEs – Challenges and Recommendations (2021)
- ENISA, Cybersecurity Certification: Candidate EUCC Scheme V1.1.1 (2021)
- ENISA, Recommendations for the security of CAM (2021)
- ENISA, 5G Cybersecurity Standards (2022)
- ENISA, CSIRT Maturity Framework (2022)
- ENISA and CERT-EU, Boosting your Organisation’s Cyber Resilience – Joint Publication (2022)
Research papers addressing security requirements under the NIS Directive:
- G. Drivas, A. Chatzopoulou, L. Maglaras, C. Lambrinoudakis, A. Cook and H. Janicke, “A NIS Directive Compliant Cybersecurity Maturity Assessment Framework”, 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC), 2020, pp. 1641-1646, doi: 10.1109/COMPSAC48688.2020.00-20.
  - This paper describes a novel Cybersecurity Maturity Assessment Framework (CMAF) that is tailored to the NIS Directive requirements. The authors suggest that this CMAF can be used either as a self-assessment tool by OESs and DSPs or as an audit tool by NCAs.
Awareness campaigns and practical guides addressing businesses in general:
- Chamber of Commerce Luxembourg, Practical Guide Cybersecurity, Understanding, Preparing for, and Responding to an Attack
These lists will be updated continuously. Last update: 23.05.2022