SAMMY UI is optimized for resolutions with a width 1024px and higher.
NIS2
Browse NIS2
PR.DS: Data Security
Protection of Data at Rest
PR.DS-01: The confidentiality, integrity, and availability of data at rest (data-at-rest) are protected.
  • 1. For at least the relevant information and network systems and in accordance with the results of the risk assessment referred to in measure ID.RA-05, except for documented and justified regulatory or technical reasons, the data stored on portable devices, including laptops, smartphones, and tablets, and on removable media, are encrypted with state-of-the-art protocols and algorithms and considered secure. 2. Except for documented and justified regulatory or technical reasons, the auto execution of removable media is disabled, and they are scanned to detect malicious code before being used in information and network systems.
  • 3. In compliance with the policies referred to in measure GV.PO-01, procedures related to points 1 and 2 are adopted and documented.
Requirement Covered
Not Applicable - Not applicable
No - The requirement(s) have not been meaningfully implemented.
Partial - Not all requirement(s) have been meaningfully implemented.
Yes - There is an organization-wide approach to managing cybersecurity risks that uses risk-informed policies, processes, and procedures to address potential cybersecurity events.
Description

The confidentiality, integrity, and availability of data at rest (data-at-rest) are protected.

Protection of Data in Transit
PR.DS-02: Confidentiality, integrity, and availability of data in transit (data-in-transit) are protected.
  • 1. For at least the relevant information and network systems, including those for voice, video, and text communication, and in accordance with the risk assessment outcomes as per measure ID.RA-05, barring justified and documented regulatory or technical reasons, protocols and encryption algorithms that are state-of-the-art and considered safe are used for data transmission to and from the external NIS entity.
  • 2. In compliance with the policies as per measure GV.PO-01, procedures are adopted and documented in relation to point 1.
Requirement Covered
Not Applicable - Not applicable
No - The requirement(s) have not been meaningfully implemented.
Partial - Not all requirement(s) have been meaningfully implemented.
Yes - There is an organization-wide approach to managing cybersecurity risks that uses risk-informed policies, processes, and procedures to address potential cybersecurity events.
Description

Confidentiality, integrity, and availability of data in transit (data-in-transit) are protected.

Data Backup
PR.DS-11: Data backups are created, protected, maintained, and verified.
  • 1. In accordance with the operational continuity and disaster recovery needs identified in the plans outlined in measure ID.IM-04, data and configuration backups are periodically performed, and for at least the relevant information and network systems, offline backup copies are also kept.
  • 2. In compliance with the policies outlined in measure GV.PO-01, procedures related to point 1 are adopted and documented.
  • 3. For at least the relevant information and network systems, the confidentiality and integrity of information contained in backups are ensured through adequate physical protection of the media or encryption.
  • 4. For at least the relevant information and network systems, the usability of backups is periodically verified through restoration tests.
  • 5. In compliance with the policies outlined in measure GV.PO-01, procedures related to points 3 and 4 are adopted and documented.
Requirement Covered
Not Applicable - Not applicable
No - The requirement(s) have not been meaningfully implemented.
Partial - Not all requirement(s) have been meaningfully implemented.
Yes - There is an organization-wide approach to managing cybersecurity risks that uses risk-informed policies, processes, and procedures to address potential cybersecurity events.
Description

Data backups are created, protected, maintained, and verified.