Security News > 2022 > May > Europe moves closer to stricter cybersecurity standards, reporting regs

Europe moves closer to stricter cybersecurity standards, reporting regs
2022-05-17 07:26

Europe has moved closer toward new cybersecurity standards and reporting rules following a provisional network and information systems agreement dubbed NIS2 by the European Council and Parliament.

Once approved, NIS2 [PDF] will replace the current Directive on Security of Network and Information Systems, aka NIS, which was adopted in 2016.

While the original rules applied to the healthcare, digital infrastructure and service providers, transportation, water supply, banking and financial infrastructure and energy sectors, NIS2 expands the list of covered industries.

The updated security regulations will apply to all medium and large entities across the following sectors and services: providers of public electronic communications networks or services, waste water and waste management, manufacturing of certain critical products, food, digital services such as social networking services platforms and datacenter services, space, postal and courier services.

Baseline practices included in NIS2 cover basic computer hygiene, cybersecurity training, the use of cryptography, human resource security, access control policies and asset management, as well as incident response and crisis management, vulnerability handling and disclosure, and policies and procedures to assess the effectiveness of cybersecurity risk management measures, according to a European Commission fact sheet.

"With the agreement of NIS2, we modernize rules to secure more critical services for society and economy. This is therefore a major step forward." .


News URL

https://go.theregister.com/feed/www.theregister.com/2022/05/17/europe_nis2_cybersecurity_regulations/