Tag: NIS 2 EU Implementing Regulation 2024/2690 – DNS service providers

Posted on by Leave a comment

NIS 2 EU Implementing Regulation 2024/2690 – 17/10/2024

Commission Implementing Regulation (EU) 2024/2690 of 17 October 2024 laying down detailed rules for the implementation of Directive (EU) 2022/2555 as regards technical and methodological requirements for cybersecurity risk management measures and further specification of when an incident is considered significant with regard to DNS service providers, top-level domain name registries, cloud computing service providers, data centre service providers, content delivery network providers, managed service providers, managed security service providers, providers of online marketplaces, online search engines and social network service platforms, and trust service providers.


DOWNLOAD DOCUMENT

The technical and methodological requirements are described in the annex, the required procedures are available in Edirama’s NIS 2 Documentation Kit

1 Information Systems and Network Security Policy [art.21.2a NIS2]
2 Risk management policy [Art. 21.2a NIS2].
3 Incident management [Art. 21.2b NIS2].
4 Business continuity and crisis management [NIS2 Art. 21.2c].
5 Supply chain security [NIS2 Art. 21.2d].
6 Security of acquisition, development and maintenance of information and network systems [Art.21.2e NIS2]
7 Strategies and procedures for evaluating the effectiveness of cybersecurity risk management measures [art.21.2f NIS2]
8 Basic computer hygiene practices and security training [NIS2 Art. 21.2g].
9 Cryptography [Article 21.2h NIS2].
10 Human Resources Security [Art.21.2i NIS2].
11 Access control [Art. 21.2i/j NIS2]
12 Resource management [Art.21.2i NIS2]