The NIS 2 Directive (NIS 2) – which replaces the NIS Directive - is an EU-wide legislation on cybersecurity. Already adopted by the European Parliament, and with a UK alignment expected, NIS 2 modernises the existing legal framework in the EU to keep up with increased digitisation and an evolving cybersecurity threat landscape.
The expanded scope of the cybersecurity rules delivers legal measures to improve the overall level of cybersecurity risk management and reporting obligations to new sectors and entities, such as energy, transportation, health, digital infrastructure, food and waste management.
To assist in the delivery of secure compliant solutions, Axis has published a briefing paper to help physical security providers better understand the directive, its implications and the measures necessary to ensure compliance. The document covers the following key areas:
• Key steps to supporting compliance – What has changed?
• Demonstrating cyber maturity – How can Axis help you mitigate risk?
• Supply chain product integrity – What quality controls are needed?
• The importance of certifications – What should you look for?
An IT network should be secured across every touchpoint and unexpected vulnerability, and should not be hampered by weaknesses in physical security systems. This briefing paper details some of the key Axis security products and features which can help mitigate threat and protect against attack:
|
|
|
|
Signed firmwarePreventing installation or upgrade without appropriate credentials. |
Secure bootEnsuring that a device can boot only with authorised firmware. |
Axis Edge VaultA secure cryptographic compute module providing tamper-protected storage.
|
|
|
|
|
Signed videoVerification that video has not been modified and is still in untampered form. |
Hardening guideControls focused on addressing the most common cybersecurity risks. |
AXIS Device ManagerFor effective management of major installation, security and operational tasks.
|
“Compliance with NIS 2 requires a holistic approach that considers all possible threat vectors. Organisations that need to comply with NIS 2 will have to carry out a greater level of due diligence on their technology partners while policies and processes are expected to play a much greater role.”
Steven Kenny, Industry Liaison, Architecture & Engineering, Axis Communications
