Baseline

NIS2 Point of Contact and CSIRT Contact Role: Accountability and Operating Duties

NIS2 Point of Contact and CSIRT Contact Role: Accountability and Operating Duties

February 18, 2026

NIS2 implementation guidance distinguishes the legal Point of Contact from the operational CSIRT contact role. Practical guide to role formalization,…

NIS2 ACN compliance +9
NIS2 Supply-Chain Security: Managing Critical Suppliers and High-Impact Procurements

NIS2 Supply-Chain Security: Managing Critical Suppliers and High-Impact Procurements

February 17, 2026

NIS2 supply-chain security is a governance obligation covering supplier identification, risk assessment, contractual integration, and lifecycle monit…

NIS2 ACN compliance +8
NIS2 Documentary Evidence and Audit Readiness: How to Structure Compliance Proof

NIS2 Documentary Evidence and Audit Readiness: How to Structure Compliance Proof

February 14, 2026

ACN baseline guidance requires documentary evidence as a core compliance element. Practical guide to evidence families, obligation-to-evidence mappin…

NIS2 ACN compliance +9
NIS2 Significant Incident IS-3: Violation of Expected Service Levels

NIS2 Significant Incident IS-3: Violation of Expected Service Levels

February 13, 2026

IS-3 in the ACN baseline model covers service-level violation incidents affecting entity services and activities. Practical guide to qualification, s…

NIS2 ACN compliance +9
NIS2 Significant Incident IS-2: Integrity Loss Affecting Digital Data

NIS2 Significant Incident IS-2: Integrity Loss Affecting Digital Data

February 12, 2026

IS-2 in the ACN baseline model covers integrity loss affecting digital data under entity ownership or control. Practical guide to qualification, evid…

NIS2 ACN compliance +8
NIS2 baseline deadline October 2026: 8-month implementation roadmap

NIS2 baseline deadline October 2026: 8-month implementation roadmap

February 12, 2026

With the NIS2 baseline adoption deadline set for October 2026, organizations have roughly 8 months left. This guide provides a compressed, phased roa…

NIS2 October 2026 ACN +6
NIS2 Significant Incident IS-1: Confidentiality Loss Affecting Digital Data

NIS2 Significant Incident IS-1: Confidentiality Loss Affecting Digital Data

February 11, 2026

IS-1 in the ACN baseline model covers confidentiality loss affecting digital data under entity ownership or control. Practical guide to qualification…

NIS2 ACN compliance +8
NIS2 Incident Typology Model: Condition, Compromise, and Affected Object

NIS2 Incident Typology Model: Condition, Compromise, and Affected Object

February 10, 2026

ACN baseline guidance classifies significant incidents through condition, compromise, and object of compromise. Practical guide to using the typology…

NIS2 ACN compliance +8
NIS2 Recovery Controls (RC): Operational Resilience and Service Restoration

NIS2 Recovery Controls (RC): Operational Resilience and Service Restoration

February 07, 2026

The NIS2 Recovery (RC) domain defines how entities restore operations after incidents and sustain resilience. Practical guide to restoration procedur…

NIS2 ACN compliance +9
NIS2 Response Controls (RS): Containment and Eradication in Incident Handling

NIS2 Response Controls (RS): Containment and Eradication in Incident Handling

February 06, 2026

Containment and eradication are iterative response steps that limit damage and remove attacker persistence. Practical guide to strategy selection, ev…

NIS2 ACN compliance +9
NIS2 Response Controls (RS): Signaling and Investigation Operating Model

NIS2 Response Controls (RS): Signaling and Investigation Operating Model

February 05, 2026

The NIS2 Response (RS) domain requires structured incident response through signaling, investigation, and iterative decision loops. Practical guide t…

NIS2 ACN compliance +10
NIS2 Detection Controls (DE): Event Monitoring and Adversarial Signal Handling

NIS2 Detection Controls (DE): Event Monitoring and Adversarial Signal Handling

February 04, 2026

The NIS2 Detection (DE) domain requires monitoring networks, services, and endpoints to identify adverse events early. Practical guide to log readine…

NIS2 ACN compliance +10
NIS2 Protection Controls (PR): Technical and Organizational Measures in Execution

NIS2 Protection Controls (PR): Technical and Organizational Measures in Execution

February 03, 2026

The NIS2 Protection (PR) domain translates risk decisions into safeguards over identities, data, platforms, and infrastructure. Practical guide to PR…

NIS2 ACN compliance +9
NIS2 Identification Controls (ID): Inventories, Risk Assessment, and Improvement Cycle

NIS2 Identification Controls (ID): Inventories, Risk Assessment, and Improvement Cycle

January 31, 2026

The NIS2 Identification (ID) domain covers asset visibility, risk assessment, treatment planning, vulnerability processes, and improvement cycles. Pr…

NIS2 ACN compliance +8
NIS2 Governance Controls (GV): Policies, Roles, and Accountability Model

NIS2 Governance Controls (GV): Policies, Roles, and Accountability Model

January 30, 2026

The NIS2 Governance (GV) domain defines cybersecurity direction, accountability, and oversight. Practical guide to implementing GV controls: context,…

NIS2 ACN compliance +8
NIS2 Article 24 in Practice: How to Implement Cybersecurity Risk-Management Measures

NIS2 Article 24 in Practice: How to Implement Cybersecurity Risk-Management Measures

January 28, 2026

Article 24 of Italy's NIS decree requires proportionate cybersecurity measures. Practical guide to implementing control families (GV/ID/PR/DE/RS/RC) …

NIS2 ACN compliance +7
NIS2 Essential vs Important Entities: Compliance Differences in Baseline Obligations

NIS2 Essential vs Important Entities: Compliance Differences in Baseline Obligations

January 23, 2026

The Italian NIS framework differentiates baseline obligations for essential and important entities across security measures and incident typologies. …

NIS2 ACN compliance +7