Before we are going to talk about how SentinelOne really ticks off a lot of controls from the NIS2 directive in Denmark, we need to talk about … well NIS2. So first small recap about NIST and its successor NIS2.
NIS1
NIS1 is an EU directive since 2016. It became a part of the Danish legislation in 2013. There are 7 key sectors and a list of identified operators of essential services. In other words, a small group of entities who were informed they had to be compliant with NIS1 (active selection) . That being said, they had to have a minimum of security measures (mainly focused on risk management) and they had to report significant incidents. This was also the first step in a more EU cooperation, sharing information about breaches, best practices, etc.
NIS2
With NIS2 the scope is getting a lot wider. More entities will have to be compliant. There is a new way in selection who is in scope. This is a passive selection that each company must do to see if they meet the requirements. So if you are part of the new chosen sectors and a certain company size, you need to register and implement policies. The deadline for all member states is October 2024, so you still have time… But not that much.
What policies are we going to implement?
Good question! It depends. If you look at the criteria you will be:
- Essential
- Important
- Not in scope.
The CCB have written guidelines for all categories (links below). In a nutshell 5 main pillars.
- Passive selection
- Management responsibility
- Risk management & security measures
- Incident reporting
- Supervision & Sanctioning
In detail based on sector and company size
Now what does SentinelOne have to offer?
Well actually a lot. The CCB used NIST framework and added some NIS2 specifics. The Singularity platform is not just EDR anymore. Its suite can help and cover a lot of the NIST framework. So you’re one step(s) closer to be compliant for NIS2. We have mapped out the way S1 can (partially) cover the NIST framework below.
Intrigued about how SentinelOne can help you to the road of NIS2 compliancy?
Contact Bjørg Væhrens for more details.