ETSI - TR 103 456
CYBER; Implementation of the Network and Information Security (NIS) Directive
|Publication Date:||1 October 2017|
The present document provides guidance in accordance with the Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 [i.1] concerning measures for a high common level of security of network and information systems across the Union (commonly called the NIS Directive or NISD) on the available technical specifications and those in development by major cyber security communities worldwide designed to meet the legal measures and technical requirements relating to the sharing of information on network based risks and incidents and also the necessary defence measures to enable the protection of its essential security interests.
The present document is intended be used by all that need to consider the effects, use or perform the legal transposition of the NIS Directive into national legislation. These include national regulators who need to update regulations or guidelines for specific industries identified in the NIS Directive as Operators of Essential Services (OES) or national policy makers wishing to provide guidance for Digital Service Providers (DSP). The present document might also be used by OES' and DSPs themselves for their own implementation. The present document is not intended to be prescriptive in the selection or use of technical specifications or requirements as organizational risk based approach yields the most effective industry wide implementations.