What you need to know to meet the new EU cyber security standards.

The new National Information Security Directive (NIS2) is a European legislative directive ensuring critical national infrastructure organisations (entities) protect themselves against cyber threats and to ensure that EU’s cyber infrastructure is harmonized, secure and robust. Building upon the 2016 NIS directive, all 27 EU member states must incorporate the NIS2 directive into their national laws by October 2024. Member states can levy fines of up to EUR 10 million or 2% of annual turnover (revenue) for certain violations or breaches. In addition, critical entity management bodies (i.e., executive teams) can be held personally liable for infringements

What are the authentication requirements?

NIS2 includes stricter security requirements, reporting obligations, and enforcement requirements including rigorous controls centred around employee and subcontractor authentication. 

All entities must implement suitable and proportionate technical and organizational measures to manage the risks posed to the security of their networks and systems. These measures include the following authentication-related requirements:

  • Ensuring that only authorized persons or devices can access the networks and systems, and that access rights are regularly reviewed and updated
  • Implementing multi-factor authentication (MFA) for all remote access to the networks and systems, as well as for privileged users and administrators
  • Using strong and unique passwords or credentials for each user or device, and enforcing password policies such as minimum length, complexity, and expiration
  • Encrypting the transmission and storage of sensitive data, and protecting encryption keys from unauthorized access or disclosure
  • Monitoring and logging all access attempts and activities on the networks and systems, and detecting and responding to any anomalies or incidents

How can MyID enable organisations to meet the requirements?

The MyID® product family can help enable your organisation to demonstrate compliance with NIS controls. 

MyID Password Security Management (PSM), Multi-Factor Authentication (MFA) and high-assurance PKI and FIDO credential management (CMS) provide:

  • Secure policy-based cryptographic authentication to digital assets.
  • Defending critical infrastructure against ransomware attacks, by providing secure phishing resistant authentication at all endpoints.
  • This both secures user authentication and mitigates ransomware propagation and privilege escalation.
  • PKI cryptographically based encryption of sensitive data, with integrated management of keys.
  • Strong and easily applied password management to NIST standards.
  • Cryptographically based PKI or FIDO MFA.
  • Identity lifecycle management, which automates the creation, update, and deletion of user accounts and credentials, ensuring that they are always aligned with the current status and needs of the users.
  • MyID is core to managing good cyber hygiene practises, including enabling Zero Trust principles and identity and access Management.

MyID  can also help you prepare for other EU regulations, such as the Digital Operational Resilience Act (DORA) which sets out similar requirements for the financial sector, ISO27001 and GDPR. 

By implementing modern authentication and credential management solutions, entities subject to NIS2 can not only comply with the directive, but also improve their cybersecurity posture, enhance their operational efficiency, and deliver a better user experience.

Want to know more?

If you are ready to book a demo, simply click the button below and we will arrange a demo

demo request

Trusted by Governments and Enterprises Worldwide

Where protecting systems and information really matters, you will find Intercede.  Whether its citizen data, aerospace and defence systems, high-value financial transactions, intellectual property or air traffic control, we are proud that many leading organisations around the world choose Intercede solutions to protect themselves against data breach, comply with regulations and ensure business continuity.