Maturity of Technical Protection Measures

A key element of the NIS Directive is the obligation to implement appropriate security measures that pay regard to the state of the art. The appropriateness of a specific measure has to be assessed in a risk-based approach, thus, there is no one size fits all approach.

With the entry into force of the NIS Directive in 2018, ENISA has been particularly active in providing guidance regarding sector-specific security measures.

These inlcude:

ENISA documents of further interest:

Research papers addressing security requirements under the NIS Directive:

  • G. Drivas, A. Chatzopoulou, L. Maglaras, C. Lambrinoudakis, A. Cook and H. Janicke, “A NIS Directive Compliant Cybersecurity Maturity Assessment Framework”, 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC), 2020, pp. 1641-1646, doi: 10.1109/COMPSAC48688.2020.00-20.
    • This paper describes a novel Cybersecurity Maturity Assessment Framework (CMAF) that is tailored to the NIS Directive requirements. The author suggest that this CMAF can be used either as a self assessment tool from OESs and DSPs or as an audit tool from NCAs.

Awareness campaigns and practical guides addressing business in general:

These lists will be constantly updated. Last update 23.05.2022

Leave a Reply

Your email address will not be published. Required fields are marked *