| Aegister

UNI/PdR 174:2025 for NIS Organizations Certified to ISO 27001: What It Changes Operationally

ACN

|

compliance

|

GRC

|

cybersecurity

|

NIS

|

NIST CSF

|

UNI/PdR 174:2025

|

ISO 27001

|

ISMS

UNI/PdR 174:2025 for NIS Organizations Certified to ISO 27001: What It Changes Operationally

February 20, 2026

ACN published UNI/PdR 174:2025 as an operational bridge between ISO/IEC 27001 and NIST CSF 2.0 for NIS-scoped organizations. It helps ISO-certified e…

NIS2

|

ACN

|

compliance

|

cybersecurity

|

NIS

|

deadline

|

registration

|

registrazione

|

scadenza

|

28 febbraio

NIS 2026 Reminder: 8 Days Left Before the 28 February Registration Deadline

February 20, 2026

Organizations in scope of Italy's NIS regime have until 28 February 2026 to complete annual registration via the ACN Services Portal. Both new and pr…

ACN Adopts Incident Taxonomy Under Law 90/2024: What Obligated Entities Must Do Now

ACN

|

compliance

|

notification

|

cybersecurity

|

Law 90/2024

|

Legge 90/2024

|

incident taxonomy

|

tassonomia incidenti

|

NIS

|

Allegato A

ACN Adopts Incident Taxonomy Under Law 90/2024: What Obligated Entities Must Do Now

February 20, 2026

ACN adopted the incident taxonomy under Law 90/2024 via the Determina of 9 February 2026. Obligated entities must now report incidents within 24 hour…

NIS2

|

ACN

|

compliance

|

CSIRT

|

notification

|

baseline

|

cybersecurity

|

roles

|

accountability

|

point of contact

|

referente

|

incident

NIS2 Point of Contact and CSIRT Contact Role: Accountability and Operating Duties

February 18, 2026

NIS2 implementation guidance distinguishes the legal Point of Contact from the operational CSIRT contact role. Practical guide to role formalization,…

NIS2

|

ACN

|

compliance

|

baseline

|

cybersecurity

|

supply chain

|

GV.SC

|

suppliers

|

procurement

|

contracts

|

risk assessment

NIS2 Supply-Chain Security: Managing Critical Suppliers and High-Impact Procurements

February 17, 2026

NIS2 supply-chain security is a governance obligation covering supplier identification, risk assessment, contractual integration, and lifecycle monit…

NIS2

|

ACN

|

compliance

|

GRC

|

baseline

|

cybersecurity

|

governance

|

audit

|

evidence

|

documentation

|

inventories

|

registers

NIS2 Documentary Evidence and Audit Readiness: How to Structure Compliance Proof

February 14, 2026

ACN baseline guidance requires documentary evidence as a core compliance element. Practical guide to evidence families, obligation-to-evidence mappin…

NIS2

|

ACN

|

compliance

|

CSIRT

|

significant incident

|

notification

|

baseline

|

cybersecurity

|

IS-3

|

service level

|

availability

|

disruption

NIS2 Significant Incident IS-3: Violation of Expected Service Levels

February 13, 2026

IS-3 in the ACN baseline model covers service-level violation incidents affecting entity services and activities. Practical guide to qualification, s…

NIS2

|

ACN

|

compliance

|

CSIRT

|

IS-2

|

significant incident

|

integrity

|

data modification

|

notification

|

baseline

|

cybersecurity

NIS2 Significant Incident IS-2: Integrity Loss Affecting Digital Data

February 12, 2026

IS-2 in the ACN baseline model covers integrity loss affecting digital data under entity ownership or control. Practical guide to qualification, evid…

NIS2

|

October 2026

|

ACN

|

compliance

|

baseline

|

cybersecurity

|

governance

|

implementation plan

|

deadline

NIS2 baseline deadline October 2026: 8-month implementation roadmap

February 12, 2026

With the NIS2 baseline adoption deadline set for October 2026, organizations have roughly 8 months left. This guide provides a compressed, phased roa…

NIS2

|

ACN

|

compliance

|

CSIRT

|

significant incident

|

notification

|

baseline

|

cybersecurity

|

IS-1

|

confidentiality

|

data leak

NIS2 Significant Incident IS-1: Confidentiality Loss Affecting Digital Data

February 11, 2026

IS-1 in the ACN baseline model covers confidentiality loss affecting digital data under entity ownership or control. Practical guide to qualification…

NIS2

|

ACN

|

compliance

|

CSIRT

|

notification

|

baseline

|

cybersecurity

|

incident typology

|

condition

|

compromise

|

classification

NIS2 Incident Typology Model: Condition, Compromise, and Affected Object

February 10, 2026

ACN baseline guidance classifies significant incidents through condition, compromise, and object of compromise. Practical guide to using the typology…

NIS2

|

ACN

|

compliance

|

baseline

|

cybersecurity

|

backup

|

resilience

|

disaster recovery

|

recovery

|

RC

|

restore

|

continuity

NIS2 Recovery Controls (RC): Operational Resilience and Service Restoration

February 07, 2026

The NIS2 Recovery (RC) domain defines how entities restore operations after incidents and sustain resilience. Practical guide to restoration procedur…

NIS2

|

ACN

|

compliance

|

CSIRT

|

baseline

|

cybersecurity

|

response

|

RS

|

remediation

|

containment

|

eradication

|

incident handling

NIS2 Response Controls (RS): Containment and Eradication in Incident Handling

February 06, 2026

Containment and eradication are iterative response steps that limit damage and remove attacker persistence. Practical guide to strategy selection, ev…

NIS2

|

ACN

|

compliance

|

incident response

|

CSIRT

|

baseline

|

cybersecurity

|

response

|

RS

|

signaling

|

investigation

|

escalation

|

forensics

NIS2 Response Controls (RS): Signaling and Investigation Operating Model

February 05, 2026

The NIS2 Response (RS) domain requires structured incident response through signaling, investigation, and iterative decision loops. Practical guide t…

NIS2

|

ACN

|

compliance

|

CSIRT

|

baseline

|

cybersecurity

|

escalation

|

detection

|

DE

|

monitoring

|

SIEM

|

log

|

triage

NIS2 Detection Controls (DE): Event Monitoring and Adversarial Signal Handling

February 04, 2026

The NIS2 Detection (DE) domain requires monitoring networks, services, and endpoints to identify adverse events early. Practical guide to log readine…

NIS2

|

ACN

|

compliance

|

baseline

|

cybersecurity

|

risk assessment

|

identification

|

ID

|

asset management

|

vulnerability

|

improvement

NIS2 Identification Controls (ID): Inventories, Risk Assessment, and Improvement Cycle

January 31, 2026

The NIS2 Identification (ID) domain covers asset visibility, risk assessment, treatment planning, vulnerability processes, and improvement cycles. Pr…

Cybersecurity Monthly Report – January 2026 (Italy, EU, Global)

NIS2

|

EU

|

GRC

|

incident response

|

cybersecurity

|

supply chain

|

Italy

|

Cybersecurity Act

|

DORA

|

ENISA

|

edge security

|

VPN

|

ransomware

|

healthcare

|

third-party risk

|

digital resilience

|

certification

Cybersecurity Monthly Report – January 2026 (Italy, EU, Global)

January 31, 2026

Aegister’s January 2026 monthly cybersecurity report: EU cybersecurity package with Cybersecurity Act revision and NIS2 simplification amendments, DO…

NIS2

|

ACN

|

compliance

|

baseline

|

cybersecurity

|

supply chain

|

governance

|

GV

|

policy

|

roles

|

accountability

NIS2 Governance Controls (GV): Policies, Roles, and Accountability Model

January 30, 2026

The NIS2 Governance (GV) domain defines cybersecurity direction, accountability, and oversight. Practical guide to implementing GV controls: context,…

NIS2

|

ACN

|

compliance

|

cybersecurity

|

incident notification

|

CSIRT Italia

|

Article 25

|

notifica incidenti

|

24 hours

|

72 hours

NIS2 Article 25 in Practice: Incident Notification Obligations and Operating Timeline

January 29, 2026

Article 25 of Italy's NIS decree requires notification of significant incidents to CSIRT Italia. Practical guide to the 24h/72h notification timeline…

NIS2

|

ACN

|

compliance

|

baseline

|

cybersecurity

|

Article 24

|

risk management

|

gestione rischio

|

controls

|

NIST CSF

NIS2 Article 24 in Practice: How to Implement Cybersecurity Risk-Management Measures

January 28, 2026

Article 24 of Italy's NIS decree requires proportionate cybersecurity measures. Practical guide to implementing control families (GV/ID/PR/DE/RS/RC) …

Contacts

Follow us

Cybersecurity - sicurezza-informatica

UNI/PdR 174:2025 for NIS Organizations Certified to ISO 27001: What It Changes Operationally

NIS 2026 Reminder: 8 Days Left Before the 28 February Registration Deadline

ACN Adopts Incident Taxonomy Under Law 90/2024: What Obligated Entities Must Do Now

NIS2 Point of Contact and CSIRT Contact Role: Accountability and Operating Duties

NIS2 Supply-Chain Security: Managing Critical Suppliers and High-Impact Procurements

NIS2 Documentary Evidence and Audit Readiness: How to Structure Compliance Proof

NIS2 Significant Incident IS-3: Violation of Expected Service Levels

NIS2 Significant Incident IS-2: Integrity Loss Affecting Digital Data

NIS2 baseline deadline October 2026: 8-month implementation roadmap

NIS2 Significant Incident IS-1: Confidentiality Loss Affecting Digital Data

NIS2 Incident Typology Model: Condition, Compromise, and Affected Object

NIS2 Recovery Controls (RC): Operational Resilience and Service Restoration

NIS2 Response Controls (RS): Containment and Eradication in Incident Handling

NIS2 Response Controls (RS): Signaling and Investigation Operating Model

NIS2 Detection Controls (DE): Event Monitoring and Adversarial Signal Handling

NIS2 Identification Controls (ID): Inventories, Risk Assessment, and Improvement Cycle

Cybersecurity Monthly Report – January 2026 (Italy, EU, Global)

NIS2 Governance Controls (GV): Policies, Roles, and Accountability Model

NIS2 Article 25 in Practice: Incident Notification Obligations and Operating Timeline

NIS2 Article 24 in Practice: How to Implement Cybersecurity Risk-Management Measures

Contacts

Follow us

Cybersecurity - sicurezza-informatica

UNI/PdR 174:2025 for NIS Organizations Certified to ISO 27001: What It Changes Operationally

NIS 2026 Reminder: 8 Days Left Before the 28 February Registration Deadline

ACN Adopts Incident Taxonomy Under Law 90/2024: What Obligated Entities Must Do Now

NIS2 Point of Contact and CSIRT Contact Role: Accountability and Operating Duties

NIS2 Supply-Chain Security: Managing Critical Suppliers and High-Impact Procurements

NIS2 Documentary Evidence and Audit Readiness: How to Structure Compliance Proof

NIS2 Significant Incident IS-3: Violation of Expected Service Levels

NIS2 Significant Incident IS-2: Integrity Loss Affecting Digital Data

NIS2 baseline deadline October 2026: 8-month implementation roadmap

NIS2 Significant Incident IS-1: Confidentiality Loss Affecting Digital Data

NIS2 Incident Typology Model: Condition, Compromise, and Affected Object

NIS2 Recovery Controls (RC): Operational Resilience and Service Restoration

NIS2 Response Controls (RS): Containment and Eradication in Incident Handling

NIS2 Response Controls (RS): Signaling and Investigation Operating Model

NIS2 Detection Controls (DE): Event Monitoring and Adversarial Signal Handling

NIS2 Identification Controls (ID): Inventories, Risk Assessment, and Improvement Cycle

Cybersecurity Monthly Report – January 2026 (Italy, EU, Global)

NIS2 Governance Controls (GV): Policies, Roles, and Accountability Model

NIS2 Article 25 in Practice: Incident Notification Obligations and Operating Timeline

NIS2 Article 24 in Practice: How to Implement Cybersecurity Risk-Management Measures

Request Aegister Cybersecurity Services