What is NIS Directive?

Back to Wiki

The Network and Information Systems (NIS) directive is an initiative developed to protect the economy of the European Union from major cyberthreats.

The NIS Directive was adopted by the European Parliament on July 6th, 2016, and entered into force in August 2016. Member states had to transpose the directive into their national laws by May 9th, 2018 and identify operators of essential services by November 9th 2018.

For organizations to meet the obligations of NIS, the task can be separated into administrative and technical measures. Administrative measures are implemented through the accordance of security standards like ISO/IEC 27001 Information Security Management System (ISMS). These are supported by administrative actions and risk management measures including ongoing user training, security audits and ethical hacking to ensure security competency and to improve organization’s level of cyber readiness from both business and regulatory perspectives.

Technical solutions include the implementation and continuous development of cyber situational awareness solutions such as SIEM (Security Incident and Event Management), secure identity confirmation tools, and data communications security solutions. Only a combination of administrative and technical measures is enough to comply with the NIS authoritative requirements.

PKI & code signing help meet NIS compliance

To meet the fundamental requirement under NIS for “appropriately authenticated and authorized” access, organizations need a method of defining and enacting controls that is both secure and can be deployed across disparate infrastructure and processes.

Public Key Infrastructure (PKI) is the most widely adopted form of technology for establishing the identity of people, devices, and services – enabling controlled access to systems and resources, protection of data, and accountability in transactions. PKI includes a set of hardware, software, policies, processes, and procedures required to create, manage, distribute, use, store, and revoke digital certificates and public keys.

Certificates are issued to entities such as users, devices, web servers, passports, smartcards and IoT devices. The provisioning of certificates to either devices or tokens enables two benefits. Firstly, it gives a device or a token an identity, and secondly, it provides the means to setup a secure encrypted communication channel. PKI and certificates deliver a method as required by the NIS directive to identify, trust and securely communicate with any entity throughout an entire organization, partners, and customers.

PKI also underpins technologies, such as digital signatures and encryption for use cases as diverse as e-commerce and the growing Internet of Things (IoT). Digital signatures can secure additional activities, such as signing PDFs, code or other information assets, to ensure the origin of the document/code or to ensure that a transaction was in place at a certain time. Digital Signatures can allow an organization to track who exactly performed the signature and at what time.

To learn more, download our white paper:

PrimeKey’s take on the NIS Directive

 

 

How can we help?

    I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy here.
Contact us