NIS2 AND AUTHENTICATION:

What you need to know to meet the new EU cyber security standards.

The new National Information Security Directive (NIS2) is a European legislative directive that requires critical national infrastructure organisations (entities) to protect themselves against cyber threats, and that aims to make the EU's cyber infrastructure harmonised, secure and robust. Building upon the 2016 NIS directive, it must be incorporated into national law by all 27 EU member states by October 2024. Member states can levy fines of up to EUR 10 million or 2% of annual turnover (revenue) for certain violations or breaches. In addition, the management bodies of critical entities (i.e., executive teams) can be held personally liable for infringements.

What are the authentication requirements?

NIS2 includes stricter security requirements, reporting obligations and enforcement requirements, including rigorous controls centred on employee and subcontractor authentication.

All entities must implement suitable and proportionate technical and organizational measures to manage the risks posed to the security of their networks and systems. These measures include the following authentication-related requirements:

  • Ensuring that only authorized persons or devices can access the networks and systems, and that access rights are regularly reviewed and updated
  • Implementing multi-factor authentication (MFA) for all remote access to the networks and systems, as well as for privileged users and administrators
  • Using strong and unique passwords or credentials for each user or device, and enforcing password policies such as minimum length, complexity, and expiration
  • Encrypting the transmission and storage of sensitive data, and protecting encryption keys from unauthorized access or disclosure
  • Monitoring and logging all access attempts and activities on the networks and systems, and detecting and responding to any anomalies or incidents

How can MyID enable organisations to meet the requirements?

The MyID® product family can help your organisation demonstrate compliance with NIS controls.

MyID Password Security Management (PSM), Multi-Factor Authentication (MFA) and high-assurance PKI and FIDO credential management (CMS) provide:

  • Secure, policy-based cryptographic authentication to digital assets.
  • Defence of critical infrastructure against ransomware attacks, by providing secure, phishing-resistant authentication at all endpoints. This both secures user authentication and mitigates ransomware propagation and privilege escalation.
  • PKI-based cryptographic encryption of sensitive data, with integrated key management.
  • Strong, easily applied password management to NIST standards.
  • Cryptographically based PKI or FIDO MFA.
  • Identity lifecycle management, which automates the creation, update and deletion of user accounts and credentials, ensuring that they always reflect the current status and needs of the users.
  • Support for good cyber hygiene practices, including enabling Zero Trust principles and identity and access management.

MyID can also help you prepare for other EU regulations, such as the Digital Operational Resilience Act (DORA), which sets out similar requirements for the financial sector, as well as ISO 27001 and GDPR.

By implementing modern authentication and credential management solutions, entities subject to NIS2 can not only comply with the directive, but also improve their cybersecurity posture, enhance their operational efficiency, and deliver a better user experience.

Want to know more?

If you are ready to book a demo, simply click the button below and we will arrange one.
Trusted by Governments and Enterprises Worldwide

Where protecting systems and information really matters, you will find Intercede. Whether it's citizen data, aerospace and defence systems, high-value financial transactions, intellectual property or air traffic control, we are proud that many leading organisations around the world choose Intercede solutions to protect themselves against data breaches, comply with regulations and ensure business continuity.