ACN announced that on 30 April 2025 UNI/PdR 174:2025 was published, and positioned it as an operational bridge between UNI CEI EN ISO/IEC 27001 and NIST CSF 2.0 for organizations in NIS scope already certified to ISO 27001.

Sources: ACN article, UNI catalog page

Key takeaways

• ACN article date: 15 May 2025.
• The ACN text states UNI/PdR 174:2025 was published on 30 April 2025.
• The prassi is described as a harmonized management-system requirement set aligned with ISO/IEC 27001 and NIST CSF 2.0.
• ACN frames it as a methodological bridge for organizations already certified ISO/IEC 27001 that need to extend controls/measures toward NIST CSF.
• ACN links this alignment to the "misure di sicurezza di base" under Articles 23 and 24 of the NIS decree, referred to in ACN Determination no. 164179 of 14 April 2025.

Sources: ACN article, ACN Determination 164179/2025, Legislative Decree 138/2024

Why this matters for compliance programs

For NIS-affected entities that already maintain an ISO/IEC 27001-certified management system, ACN indicates this prassi can reduce translation friction between existing ISO governance and NIST CSF-based security expectations used in the national NIS implementation context.

In practical terms, this supports governance teams in avoiding duplicate control architectures across standards.

Source: ACN article

What ACN explicitly states

According to ACN:

1. UNI/PdR 174:2025 was developed with ACN support.
2. It defines requirements for a cybersecurity and information-security management system harmonized with ISO/IEC 27001 and NIST CSF 2.0.
3. It helps already ISO/IEC 27001-certified entities extend their management system toward controls and measures required by NIST CSF.
4. This is linked to the national baseline security specifications tied to NIS Articles 23 and 24.

Sources: ACN article, ACN Determination 164179/2025

Access and procurement notes

ACN states that:

• UNI/PdR 174:2025 is available in the UNI catalog.
• The document can be downloaded free of charge after registration on the UNI website.

Sources: ACN article, UNI catalog page, UNI site

Operational checklist for cyber/GRC teams

1. Map current ISO/IEC 27001 controls against NIST CSF 2.0 structure used in your NIS compliance program.
2. Identify gaps between current ISMS evidence and baseline NIS measures referenced by ACN.
3. Update risk-treatment and control-governance documentation to avoid parallel frameworks.
4. Align internal audit planning to cover ISO, NIST-CSF-mapped controls, and NIS obligations in one cycle.
5. Track evidence traceability from control implementation to legal requirements under the NIS framework.

FAQ

Is UNI/PdR 174:2025 a replacement for NIS legal obligations?

No. It is presented by ACN as an operational support framework; legal obligations remain defined by the NIS legal framework and ACN determinations. Sources: ACN article, Legislative Decree 138/2024

Is the document publicly accessible?

ACN indicates it is available in UNI catalog and downloadable after registration on the UNI site. Sources: ACN article, UNI catalog page

Which ACN act is referenced for baseline NIS measures?

The ACN article references Determination no. 164179 of 14 April 2025. Source: ACN Determination 164179/2025

Official sources

• ACN - UNI/PdR 174:2025 article
• ACN document - Determination no. 164179 of 14 April 2025
• UNI catalog - UNI/PdR 174:2025
• UNI official website
• Gazzetta Ufficiale - Legislative Decree 138/2024 (NIS)