SAMMY UI is optimized for resolutions with a width 1024px and higher.
NIS2
Browse NIS2
DE.CM: Continuous Monitoring
Network Monitoring
DE.CM-01: Networks and network services are monitored to identify potentially adverse events.
  • 1. For at least the relevant information systems and networks, technical tools are present, updated, maintained, and properly configured to promptly detect significant incidents.
  • 2. The expected service levels (SL) of the services and activities of the NIS entity are defined and documented also for the purpose of promptly detecting significant incidents.
  • 3. In compliance with the policies outlined in measure GV.PO-01, procedures related to points 1 and 2 are adopted and documented.
  • 4. For at least the relevant information systems and networks, tools for analyzing and filtering incoming traffic flow (including email) are used.
  • 5. For at least the relevant information systems and networks, for the purposes outlined in point 1, remote accesses, perimeter system activities (such as routers and firewalls), significant administrative events, as well as successful or failed accesses to network resources, terminal stations, and applications are monitored to detect cybersecurity events.
  • 6. For at least the relevant information systems and networks, for the purposes outlined in point 1, qualitative-quantitative parameters are defined, monitored, and documented to detect unauthorized accesses or abuses of granted privileges.
  • 7. In compliance with the policies outlined in measure GV.PO-01, procedures related to points 4, 5, and 6 are adopted and documented.
Requirement Covered
Not Applicable - Not applicable
No - The requirement(s) have not been meaningfully implemented.
Partial - Not all requirement(s) have been meaningfully implemented.
Yes - There is an organization-wide approach to managing cybersecurity risks that uses risk-informed policies, processes, and procedures to address potential cybersecurity events.
Description

Networks and network services are monitored to identify potentially adverse events.

Hardware, Software, and Data Monitoring
DE.CM-09: Processing hardware and software, runtime environments, and their data are monitored to identify potentially adverse events.
  • 1. Subject to justified and documented regulatory or technical reasons, endpoint protection systems for detecting malicious code are present, updated, maintained, and properly configured.
  • 2. In compliance with the policies referred to in measure GV.PO-01, procedures related to point 1 are adopted and documented.
Requirement Covered
Not Applicable - Not applicable
No - The requirement(s) have not been meaningfully implemented.
Partial - Not all requirement(s) have been meaningfully implemented.
Yes - There is an organization-wide approach to managing cybersecurity risks that uses risk-informed policies, processes, and procedures to address potential cybersecurity events.
Description

Processing hardware and software, runtime environments, and their data are monitored to identify potentially adverse events.