How Black Cat SSPM maps to NIS2 Directive
Directive on measures for a high common level of cybersecurity across the Union — risk management measures for essential and important entities (Article 21)
NIS2-21 — Cybersecurity Risk Management Measures
Appropriate and proportionate technical, operational, and organizational measures to manage risks posed to the security of network and information systems (Article 21(1))
NIS2-21.a — Risk analysis and information system security policies
Policies on risk analysis and information system security (Article 21(2)(a))
- Security Auto-Provisioning Disabled (azure)
- Security Alert Notifications Disabled (azure)
- Security Contact Email Missing (azure)
- Security Contact Phone Missing (azure)
- Security Contact Missing (gcp)
- Defender App Service Disabled (azure)
- Defender Containers Disabled (azure)
- Defender Key Vault Disabled (azure)
- Defender Resource Manager Disabled (azure)
- Defender Servers Disabled (azure)
- Defender SQL Disabled (azure)
- Defender Storage Disabled (azure)
- SQL Threat Detection Disabled (azure)
- SQL Vulnerability Assessment Disabled (azure)
- Repo Dependabot Disabled (github)
- Repo Secret Scanning Disabled (github)
- Project Container Scanning Disabled (gitlab)
- No Alert Rules Configured (grafana)
- Config Policies Disabled (circleci)
- Config Policies Soft Fail (circleci)
- No Compliance Framework (gitlab)
- Vault Exported (1password)
- S3 Bucket Policy Public (aws)
- S3 Bucket Public Access Not Blocked (aws)
- Confluence Space Anonymous Access (atlassian)
- Confluence Space Public Links (atlassian)
- Jira Project Public Access (atlassian)
- Storage Public Blob Access (azure)
- Excessive Env Vars (circleci)
- Dashboard Public Sharing (datadog)
- Dashboard Public URL (datadog)
- Plain Text Env Var (digitalocean)
- Public Storage Bucket (gcp)
- Group Forking Allowed Outside (gitlab)
- Group Public Visibility (gitlab)
- Group Sharing Outside Organization (gitlab)
- Group Sharing Unlocked (gitlab)
- Public Project (gitlab)
- Active External Data Link (google_ads)
- Overly Permissive Dashboard (grafana)
- Overly Permissive Folder (grafana)
- Public Dashboard (grafana)
- Public Status Page (incidentio)
- Default Calendar Sharing Too Permissive (m365)
- Default Group Access Public (m365)
- Default Sharing Policy Allows External (m365)
- Distribution Group Open Join Policy (m365)
- Distribution List Allows External Senders (m365)
- External Forwarding on Mailbox (m365)
- Forwarding Address Configured (m365)
- Forwarding SMTP to External (m365)
- Guest Access to Group Content Not Restricted (m365)
- LinkedIn Integration Enabled in OWA (m365)
- Mailbox Delivers to Both Mailbox and Forward (m365)
- Mobile Contact Sync Enabled in OWA (m365)
- Organization Sharing Enabled (m365)
- Outbound Spam External Forwarding Allowed (m365)
- Public Microsoft 365 Group (m365)
- Remote Domain Auto-Forwarding Allowed (m365)
- Sharing Policy Allows External Domains (m365)
- Transport Rule Forwards Outside Org (m365)
- Transport Rule Redirects Externally (m365)
- Export Enabled (notion)
- External Guest Access (notion)
- Guest Invitations Enabled (notion)
- Public Sharing Enabled (notion)
- Publicly Shared Database (notion)
- Publicly Shared Page (notion)
- Stale Public Page (notion)
- Debug Files Access (sentry)
- Enhanced Privacy Disabled (sentry)
- Event Attachments Access (sentry)
- Open Membership (sentry)
- Shared Issues Enabled (sentry)
- Password Protection Disabled (shopify)
- Webhook External Destination (shopify)
- Public File Sharing (slack)
- No Storage Integration Required (snowflake)
- Outbound Share Review (snowflake)
- Share To Many Accounts (snowflake)
- Unload To Inline URL (snowflake)
- Unload To Internal Stages (snowflake)
- External Messaging Enabled (teams)
- External Shared Channel (teams)
- Public Team (teams)
- Unrestricted External Federation (teams)
- Auto Expose System Environment Variables (vercel)
- Directory Listing Enabled (vercel)
- Exposed to Preview (vercel)
- IP Visibility Enabled (vercel)
- Plain Text Secret (vercel)
- Public Source (vercel)
- Sensitive Env Var Policy Disabled (vercel)
- Drive External Shared Drives Allowed (workspace)
- Drive External Sharing Enabled (workspace)
- Drive File Broad Internal Sharing (workspace)
- Drive File Excessive Permissions (workspace)
- Drive File External Commenter Access (workspace)
- Drive File External Edit Access (workspace)
- Drive File Link Sharing Enabled (workspace)
- Drive File Org-Wide Link Sharing (workspace)
- Drive File Owner Is External (workspace)
- Drive File Public Sharing (workspace)
- Drive File Publicly Indexed (workspace)
- Drive File Shared With External Domain (workspace)
- Drive File Shared With Personal Email (workspace)
- Drive File Stale External Sharing (workspace)
- Drive Link Sharing Anyone (workspace)
- Drive Publish to Web Allowed (workspace)
- Drive Shared Drive Has External Members (workspace)
- Drive Sharing Outside Organization (workspace)
- Drive User Excessive External Sharing (workspace)
- Group Allows External Members (workspace)
- Group Allows External Posting (workspace)
- Group Allows Open Join (workspace)
- Group Contact Owner Anyone (workspace)
- Group Discoverable by Anyone (workspace)
- Group Domain-Wide Membership Visibility (workspace)
- Group Public Conversations (workspace)
- Mail Delegation Enabled (workspace)
- Shared Drive Allows External Users (workspace)
- Shared Drive Allows Non-Members (workspace)
- Shared Drive Has External Members (workspace)
- Shared Drive No Download Restriction (workspace)
NIS2-21.b — Incident handling
Incident handling procedures and capabilities (Article 21(2)(b))
- Audit Logging Not Enabled (gcp)
- Data Access Logs Incomplete (gcp)
- Global Mailbox Auditing Disabled (m365)
- Mailbox Auditing Disabled (m365)
- Mailbox Audit Bypass Configured (m365)
- User Mailbox Auditing Disabled (m365)
- Audit Logging Disabled (datadog)
- Audit Log Retention Period (datadog)
- CloudTrail Not Logging (aws)
- CloudTrail Not Multi-Region (aws)
- CloudTrail Log Validation Disabled (aws)
- S3 Bucket Logging Disabled (aws)
- SQL Auditing Disabled (azure)
- SQL Audit Retention Short (azure)
- Key Vault Diagnostic Logging Disabled (azure)
- NSG Flow Logs Disabled (azure)
- App Service Logging Disabled (azure)
- Alert Disabled (azure)
- Alert NSG Create Missing (azure)
- Alert NSG Delete Missing (azure)
- Alert Policy Assignment Missing (azure)
- Alert Security Solution Create Missing (azure)
- Alert Security Solution Delete Missing (azure)
- Alert SQL Firewall Missing (azure)
- Sensitive Audit Event (openai)
- Log Drain Disabled (vercel)
- No Log Drain (vercel)
- Failed Sign-in Attempt (1password)
- Failed Sign-in From Untrusted Location (1password)
- High Failed Logins (salesforce)
- CA Block Risky Sign-ins Missing (m365)
- Master Password Changed (1password)
- AWS Config Not Recording (aws)
- CloudTrail Data Events Disabled (aws)
- VPC Flow Logs Disabled (aws)
- Modifiable Retention Policy (box)
- No Indefinite Retention Policies (box)
- No Retention Policies Defined (box)
- Permanent Delete Disposition Action (box)
- Retired Retention Policy (box)
- Short Retention Period (box)
- Office Add-in Disabled (dropbox)
- Suspended Member Not Removed (dropbox)
- Subnet Flow Logs Disabled (gcp)
- Alert Source No Auto-Resolve (incidentio)
- Escalation Path Shallow (incidentio)
- Schedule No Holiday Configuration (incidentio)
- Schedule Without Active Shift (incidentio)
- Single Responder Escalation (incidentio)
- Single Rotation Schedule (incidentio)
- Workflow Disabled or Error (incidentio)
- Workflow Ignores Step Errors (incidentio)
- Non-Shared Mailbox Audit Bypass (m365)
- Shared Mailbox Sent-As Not Audited (m365)
- Shared Mailbox Sent-On-Behalf Not Audited (m365)
- Unified Audit Log Not Enabled (m365)
- Escalation Policy Without Loops (pagerduty)
- Escalation Policy Without Schedule (pagerduty)
- Possibly Abandoned Service (pagerduty)
- Service Without Auto-Resolve (pagerduty)
- Service Without Escalation Policy (pagerduty)
- Single User Escalation Rule (pagerduty)
- Single User Schedule (pagerduty)
- Audit Log Using Local Filesystem Storage (teleport)
- Proxy Host Key Checks Disabled (teleport)
- Role Disables Session Recording (teleport)
- Session Recording Disabled (teleport)
- Session Recording in Async Mode (teleport)
- Session Recording in Proxy Mode (teleport)
NIS2-21.c — Business continuity and crisis management
Business continuity, such as backup management and disaster recovery, and crisis management (Article 21(2)(c))
- S3 Bucket Versioning Disabled (aws)
- Bucket Versioning Disabled (gcp)
- Storage Blob Soft Delete Disabled (azure)
- Storage Container Soft Delete Disabled (azure)
- Backups Disabled (digitalocean)
- Database Single Node (digitalocean)
- Kubernetes HA Disabled (digitalocean)
- No Backups (digitalocean)
- Storage Container Versioning Disabled (ovhcloud)
- Property No Origin Failover (akamai)
- Primary Zone No Secondary (akamai)
- Single Node Cluster (digitalocean)
- Super Admin Redundancy Missing (okta)
- Super Admin Redundancy Missing (workspace)
- Super Admin Redundancy Missing (cloudflare)
- Owner Redundancy Missing (openai)
- Admin Redundancy Missing (anthropic)
- Admin Redundancy (datadog)
- Single Account Owner (pagerduty)
- Single Account Owner (incidentio)
- Owner Redundancy (slack)
- Workspace Single Admin (anthropic)
- Workspace Single Admin (workato)
- Key Vault Purge Protection Disabled (azure)
- Key Vault Soft Delete Disabled (azure)
NIS2-21.d — Supply chain security
Supply chain security, including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers (Article 21(2)(d))
- OAuth App Critical Scopes (workspace)
- OAuth App Broad Scopes (okta)
- OAuth App With Restricted Scopes Widely Authorized (workspace)
- OAuth App With Restricted Scopes (workspace)
- OAuth App Inactive With Grants (okta)
- OAuth App AI With Data Scopes (workspace)
- OAuth App AI With Data Scopes (m365)
- OAuth App AI With Broad Access (okta)
- Multi-Tenant App Without Verified Publisher (m365)
- Risk-Based Consent Not Configured (m365)
- Admin Consent Requests Disabled (m365)
- Users Can Register Applications (m365)
- Excessive API Scopes (shopify)
- Excessive Integrations (discord)
- Broad Integration Capabilities (notion)
- Unrestricted Integration (notion)
- Stale Integration (notion)
- Stale Integration (vercel)
- Overprivileged Integration (vercel)
- App Approval Not Required (slack)
- App Management Unrestricted (slack)
- Marketplace Apps Not Required (slack)
- Custom App Sideloading (teams)
- Unapproved Third-Party App (teams)
- OAuth Integration Permissive (snowflake)
- Connection to Sensitive Provider (workato)
- Recipe Excessive Application Integrations (workato)
- Users Can Install Outlook Add-ins (m365)
- Copilot License Assigned (m365)
- Copilot License on Guest User (m365)
- Excessive Applications Installed (box)
- Unauthorized Application (box)
- Bot With Admin (discord)
- Orphaned Webhook (discord)
- Webhook Inventory (discord)
- Connected App with Full Dropbox Access (dropbox)
- Excessive Connected Apps per Member (dropbox)
NIS2-21.e — Security in acquisition, development, and maintenance
Security in network and information systems acquisition, development, and maintenance, including vulnerability handling and disclosure (Article 21(2)(e))
- Repo Branch Protection Disabled (github)
- Project Branch Protection Disabled (gitlab)
- Project Force Push Allowed (gitlab)
- Project Merge Approvals Disabled (gitlab)
- Project No Code Owner Approval (gitlab)
- Actions Allow All External (github)
- Pipeline Hardcoded Secrets (circleci)
- Pipeline Deprecated Image (circleci)
- User Checkout Key (circleci)
- Forked PR Builds Enabled (circleci)
- Orb Allowlist Empty (circleci)
- Old Service Account Keys (gcp)
- User Managed Service Account Keys (gcp)
- Old Access Keys Not Rotated (aws)
- Storage Key Not Rotated (azure)
- API Token Older Than 90 Days (atlassian)
- Stale API Key (openai)
- Stale API Key (anthropic)
- Stale API Key (gcp)
- Outdated Kubernetes Version (digitalocean)
- Outdated Version (digitalocean)
- Outdated Plugin (grafana)
- Community Plugin (grafana)
- Unsigned Plugin (grafana)
- Empty Vault User (1password)
- Firewall Rule Changed (1password)
- SSO Policy Modified (1password)
- Signing Key Changed (1password)
- Default Security Group Has Rules (aws)
- Default VPC In Use (aws)
- EC2 IMDSv2 Not Enforced (aws)
- EC2 Instance Has Public IP (aws)
- GuardDuty Not Enabled (aws)
- KMS Key Disabled (aws)
- KMS Key Pending Deletion (aws)
- RDS Backup Retention Too Short (aws)
- RDS Publicly Accessible (aws)
- RDS Storage Not Encrypted (aws)
- Unrestricted Egress (aws)
- Unrestricted RDP Access (aws)
- Unrestricted SSH Access (aws)
- CP Code Unused (akamai)
- Edge Hostname IPv4 Only (akamai)
- Geo Firewall Not Configured (akamai)
- Group With No Contracts (akamai)
- IP Firewall Not Configured (akamai)
- Property Caching Disabled (akamai)
- Property Not Locked (akamai)
- Rate Control Threshold Too Permissive (akamai)
- Rate Controls Disabled (akamai)
- SOA Serial Stale (akamai)
- Slow POST Protection Disabled (akamai)
- SureRoute Not Enabled (akamai)
- TSIG Not Enabled (akamai)
- WAF Policy Alert-Only Mode (akamai)
- WAF Policy Excessive Exceptions (akamai)
- Zone Transfer Unrestricted (akamai)
- Archived Workspace Not Deleted (anthropic)
- Stale Workspace (anthropic)
- App Service FTP Enabled (azure)
- App Service HTTP/2 Disabled (azure)
- App Service Remote Debugging Enabled (azure)
- Key Vault Network ACLs Allow (azure)
- Key Vault No Private Endpoint (azure)
- NSG All Ports Open (azure)
- NSG Permissive Outbound (azure)
- NSG UDP Open (azure)
- NSG Unrestricted RDP (azure)
- NSG Unrestricted SSH (azure)
- SQL Firewall Allow Azure Services (azure)
- SQL Firewall Unrestricted (azure)
- Storage Network Default Allow (azure)
- Storage Shared Key Enabled (azure)
- Extension With Risky Permissions (chrome_enterprise)
- Outdated Browser Version (chrome_enterprise)
- Safe Browsing Disabled (chrome_enterprise)
- Sideloaded Extension Detected (chrome_enterprise)
- Schedule Non-Default Branch (circleci)
- Stale Runner (circleci)
- Webhook Insecure URL (circleci)
- Webhook Unverified TLS (circleci)
- CORS Allows All Origins (cloudflare_access)
- Allows All Inbound (digitalocean)
- Allows All Outbound (digitalocean)
- Auto Upgrade Disabled (digitalocean)
- Basic Tier (digitalocean)
- Database No Maintenance Window (digitalocean)
- Default VPC Used (digitalocean)
- Droplet Powered Off (digitalocean)
- Email Not Verified (digitalocean)
- IPv6 Disabled (digitalocean)
- Kubernetes No Registry Integration (digitalocean)
- Kubernetes SSO Not Enabled (digitalocean)
- No Droplets Attached (digitalocean)
- No Firewall (digitalocean)
- No Garbage Collection (digitalocean)
- No VPC (digitalocean)
- Publicly Accessible (digitalocean)
- SSH Open To All (digitalocean)
- Surge Upgrade Disabled (digitalocean)
- Bulk Recipients Enabled (docusign)
- No IP Restrictions (docusign)
- No Signer Certificate Required (docusign)
- PowerForms Enabled (docusign)
- Recipient Domain Validation Disabled (docusign)
- Sign On Paper Enabled (docusign)
- Signer Reassignment Enabled (docusign)
- Cloud SQL Backup Not Enabled (gcp)
- Cloud SQL Instance Has Public IP (gcp)
- Cloud SQL SSL Not Required (gcp)
- Default VPC In Use (gcp)
- Essential Contacts Coverage Incomplete (gcp)
- Firewall Rule Egress Open to World (gcp)
- Firewall Rule Exposes Dangerous Port (gcp)
- Instance Serial Port Enabled (gcp)
- Public Firewall Rule (gcp)
- Shielded VM Disabled (gcp)
- Public Repo Without Security Policy (github)
- Webhook Insecure URL (github)
- Active Runner Offline (gitlab)
- Group No IP Restriction (gitlab)
- Integration Insecure URL (gitlab)
- Project Discussions Not Required (gitlab)
- Shared Runner Not Locked (gitlab)
- Broad Mute Timing (grafana)
- Data Source Basic Auth (grafana)
- Data Source With Credentials (grafana)
- Direct Access Data Source (grafana)
- IP Allowlist Disabled (incidentio)
- Admin Stale Master Password (lastpass)
- Critically Low Shared Folder Score (lastpass)
- Empty Vault User (lastpass)
- Low Shared Folder Security Score (lastpass)
- Master Password Never Changed (lastpass)
- Stale Master Password (lastpass)
- ActiveSync Integration Enabled for OWA (m365)
- Blocked File Type Action Not Quarantine (m365)
- Common Attachment Types Missing (m365)
- Connection Filter Not Configured (m365)
- Customer Lockbox Not Enabled (m365)
- Distribution List Hidden From GAL (m365)
- Group Naming Convention Not Configured (m365)
- Inbound Spam Bulk Threshold Too High (m365)
- Mailbox Move Enabled for Org Relationships (m365)
- Mailbox SMTP Auth Not Disabled (m365)
- No File Types Blocked in OWA (m365)
- No MIME Types Blocked in OWA (m365)
- OWA Clickjacking Protection Not Set (m365)
- On-Send Add-ins Enabled in OWA (m365)
- Outbound Spam Thresholds Not Configured (m365)
- Remote Domain Auto-Reply Enabled (m365)
- Remote Domain Delivery Reports Enabled (m365)
- Remote Domain NDR Enabled (m365)
- Remote Domain TNEF Enabled (m365)
- Remote Domain Trusted Inbound Enabled (m365)
- Remote Domain Trusted Outbound Enabled (m365)
- SMTP Auth Not Disabled Globally (m365)
- Self-Service Subscriptions Enabled (m365)
- Sensitivity Labels Not Configured (m365)
- Transport Rule Deletes Messages (m365)
- Transport Rule Disabled (m365)
- Transport Rule Includes BCC (m365)
- Transport Rule Processes External Sender (m365)
- Unknown File Types Not Blocked (m365)
- Unverified Domain (m365)
- Unverified Federated Domain (m365)
- Cloud Project Suspended (ovhcloud)
- Developer Mode Enabled (ovhcloud)
- IAM Policy Excessive Identities (ovhcloud)
- IAM Policy No Identities (ovhcloud)
- Instance Has Public IP (ovhcloud)
- Instance In Shelved State (ovhcloud)
- Instance Rescue Mode (ovhcloud)
- Instance Using Default Image (ovhcloud)
- OAuth2 Client No Description (ovhcloud)
- Active Project Without Users (openai)
- Disproportionate Output Tokens (openai)
- Excessive API Request Volume (openai)
- Project Without Rate Limits (openai)
- Integration No Network Policy (snowflake)
- Low Data Retention (snowflake)
- Network Policy No Blocklist (snowflake)
- Network Policy Wildcard (snowflake)
- No Account Resource Monitor (snowflake)
- No Network Policy (snowflake)
- No SCIM Configured (snowflake)
- Resource Monitor Notify Only (snowflake)
- SSO Login Page Disabled (snowflake)
- Warehouse No Auto Resume (snowflake)
- Warehouse No Auto Suspend (snowflake)
- Warehouse No Resource Monitor (snowflake)
- Warehouse Oversized (snowflake)
- No Client Idle Timeout Configured (teleport)
- No Network Restrictions Configured (teleport)
- Node Running Outdated Teleport Version (teleport)
- Overly Broad Network Allow Rule (teleport)
- Trusted Cluster Is Disabled (teleport)
- Agent Pool Organization Scoped (terraform_cloud)
- Notification No HMAC Token (terraform_cloud)
- Organization Default Execution Mode Local (terraform_cloud)
- Organization Force Delete Allowed (terraform_cloud)
- Run Task Advisory Enforcement (terraform_cloud)
- Run Task No HMAC Key (terraform_cloud)
- SSH Key Present (terraform_cloud)
- VCS Connection Organization Scoped (terraform_cloud)
- Variable Set Priority Override (terraform_cloud)
- Workspace Drift Detection Disabled (terraform_cloud)
- Workspace No VCS Connection (terraform_cloud)
- Workspace Outdated Terraform Version (terraform_cloud)
- Deployment Protection Disabled (vercel)
- Domain Expiring Soon (vercel)
- Fork Protection Disabled (vercel)
- Insecure Log Drain (vercel)
- No Target Restriction (vercel)
- Project No Deployment Protection (vercel)
- Strict Deployment Protection Disabled (vercel)
- Broken Connection (workato)
- Stale Connection (workato)
- Workspace Recipe Limit (workato)
- Automatic Email Forwarding Enabled (workspace)
- Domain Not Verified (workspace)
- Drive Shared Drive Creation Unrestricted (workspace)
- Gemini Not Licensed (workspace)
- Group Spam Moderation Disabled (workspace)
- IMAP Access Enabled (workspace)
- POP Access Enabled (workspace)
- Shared Drive Folder Sharing Unrestricted (workspace)
- Shared Drive No Admin Restrictions (workspace)
- Chat File Transfer Enabled (zoom)
- Cloud Recording No Auto-Delete (zoom)
- Local Recording Enabled (zoom)
- No Meeting Password Required (zoom)
- Unauthenticated Join Allowed (zoom)
- Waiting Room Disabled (zoom)
NIS2-21.f — Cybersecurity risk management effectiveness assessment
Policies and procedures to assess the effectiveness of cybersecurity risk management measures (Article 21(2)(f))
- Monitoring Disabled (digitalocean)
- Network Watcher Disabled (azure)
- MFA Suspicious Activity Reporting Disabled (m365)
- Usage Anomaly (openai)
- Diagnostic Retention Short (azure)
- Admin Malware Notifications Disabled (m365)
- Outbound Spam Notification Disabled (m365)
- Suspicious Outbound Copy Not Enabled (m365)
- External Contact Point (grafana)
- New User Notification Disabled (slack)
- Recent Sensitive Change (google_ads)
- Alert Source Unowned (incidentio)
- App No Description (slack)
- Archive Channel Unrestricted (slack)
- Default Channels Excessive (slack)
- Display Name Not Validated (slack)
- Everyone Notify General (slack)
- Inactive Channel (slack)
- Message Edit Unrestricted (slack)
- Notify Channel Unrestricted (slack)
- Public Channel Retention Limited (slack)
- Remove Private Channel Unrestricted (slack)
- Remove Public Channel Unrestricted (slack)
- Slackbot Responses Unrestricted (slack)
- User Groups Unrestricted (slack)
- Workflow Creation Unrestricted (slack)
- Channel Without Moderation (teams)
- Large Team Without Moderation (teams)
- Meeting Recording Disabled (teams)
- Message Edit Delete Unrestricted (teams)
- Team Without Description (teams)
- Policy Set Empty (terraform_cloud)
- Policy Set Not Global (terraform_cloud)
- Policy Set Overridable (terraform_cloud)
- Sentinel Policy Advisory Only (terraform_cloud)
- Workspace Auto Apply Enabled (terraform_cloud)
- Workspace Destroy Plan Allowed (terraform_cloud)
- Collaborator Group No Description (workato)
NIS2-21.g — Basic cyber hygiene practices and training
Basic cyber hygiene practices and cybersecurity training (Article 21(2)(g))
- Anti-Phishing First Contact Tip Disabled (m365)
- Anti-Phishing Spoof Detection Weak (m365)
- Mail Tips Not Fully Enabled (m365)
- External Recipient Mail Tips Disabled (m365)
- WAF Disabled (cloudflare)
- Account Protection Disabled (akamai)
- WAF In Alert-Only Mode (akamai)
- Bot Management Disabled (akamai)
- Browser Integrity Check Disabled (cloudflare)
- Zero-Hour Auto Purge Disabled (m365)
- Common Attachment Types Filter Disabled (m365)
- Comprehensive Spam Marking Disabled (m365)
- High Confidence Spam Not Quarantined (m365)
- SPF Record Missing (m365)
- SPF Hard Fail Not Enabled (m365)
- DMARC Record Missing (m365)
- DKIM Not Configured (workspace)
- Content Filter Not Full (discord)
- No AutoMod Rules (discord)
- No Keyword Filtering (discord)
- No Spam Protection (discord)
NIS2-21.h — Cryptography and encryption
Policies and procedures regarding the use of cryptography and, where appropriate, encryption (Article 21(2)(h))
- SSL Encryption Disabled (cloudflare)
- SSL Mode Flexible (cloudflare)
- TLS Mode Not Strict (cloudflare)
- TLS 1.3 Disabled (cloudflare)
- Minimum TLS Version Weak (cloudflare)
- Opportunistic Encryption Disabled (cloudflare)
- Always Use HTTPS Disabled (cloudflare)
- HSTS Disabled (cloudflare)
- Automatic HTTPS Rewrites Disabled (cloudflare)
- HSTS Not Enabled (akamai)
- HSTS Max-Age Too Short (akamai)
- Origin Not Using TLS (akamai)
- TLS Version Below 1.2 (akamai)
- DNSSEC Not Enabled (akamai)
- App Service HTTPS Disabled (azure)
- App Service Minimum TLS (azure)
- Storage HTTPS Not Required (azure)
- Storage Minimum TLS (azure)
- SQL Minimum TLS (azure)
- SQL TDE Disabled (azure)
- Storage Infrastructure Encryption Disabled (azure)
- S3 Bucket Encryption Disabled (aws)
- KMS Key Rotation Disabled (aws)
- S/MIME Not Configured (workspace)
- S/MIME Encryption Not Enforced (m365)
- S/MIME Signing Not Enforced (m365)
- SSL Not Enforced (digitalocean)
- No SSL Termination (digitalocean)
- HTTP Allowed (digitalocean)
- Data Rekeying Disabled (snowflake)
- Webhook Using HTTP (shopify)
- SSL Not Verified (vercel)
- Data Source TLS Skip Verify (grafana)
- Edge Hostname Using Shared Cert (akamai)
- HTTP/2 Not Enabled (akamai)
- Key Vault Key No Expiry (azure)
- Key Vault Secret No Expiry (azure)
- Bidirectional Collaboration Whitelist (box)
- Broad Inbound Collaboration Whitelist (box)
- No Collaboration Whitelist Entries (box)
- Device Without Disk Encryption (chrome_enterprise)
- Expired Service Token Not Deleted (cloudflare_access)
- Service Token Without Expiry (cloudflare_access)
- Stale Service Token (cloudflare_access)
- Unused API Key (datadog)
- Insecure Backend (digitalocean)
- Guild Publicly Discoverable (discord)
- NSFW Channel (discord)
- No Mention Spam Protection (discord)
- Widget Enabled (discord)
- External Folder Join Unrestricted (dropbox)
- Folder Link Restriction Not Enforced (dropbox)
- Public Shared Links Allowed by Default (dropbox)
- Shared Folders Open to Anyone (dropbox)
- Dormant Cloud Token (grafana_cloud)
- Excessive Tokens Per Policy (grafana_cloud)
- Non-Expiring Cloud Token (grafana_cloud)
- Recently Created Token Without Use (grafana_cloud)
- Token With Wildcard Policy (grafana_cloud)
- S/MIME Buffer Encryption Not Enabled (m365)
- S/MIME CRL Timeout Too Long (m365)
- S/MIME Cert Chain With Root Not Included (m365)
- S/MIME Cert Chain Without Root Not Included (m365)
- S/MIME Clear Signing Not Enabled (m365)
- S/MIME Encryption Algorithms Not Configured (m365)
- S/MIME Triple-Wrap Not Enabled (m365)
- Storage Container No Lifecycle (ovhcloud)
- Storage Container Permissive CORS (ovhcloud)
- Storage Container Public (ovhcloud)
- Extension Disabled (pagerduty)
- Webhook External URL (pagerduty)
- Webhook Inactive (pagerduty)
- Public Sharing Model (salesforce)
- Data Scrubber Defaults Disabled (sentry)
- Data Scrubber Disabled (sentry)
- Application Has TLS Verification Disabled (teleport)
- Database Configured Without TLS (teleport)
- Variable Not Marked Sensitive (terraform_cloud)
- Variable Plaintext Credentials (terraform_cloud)
- Variable Set Global Scope (terraform_cloud)
- Workspace Global Remote State (terraform_cloud)
NIS2-21.i — Human resources security, access control, and asset management
Human resources security, access control policies, and asset management (Article 21(2)(i))
- Super Admin Count Excessive (okta)
- Super Admin Count Excessive (workspace)
- Super Admin Count Excessive (cloudflare)
- Excessive Admins (datadog)
- Excessive Admins (zoom)
- Excessive Admins (slack)
- Excessive Admins (pagerduty)
- Excessive Admins (sentry)
- Excessive Admins (discord)
- Excessive Admins (docusign)
- Excessive Admins (shopify)
- Excessive Admins (workato)
- Excessive Org Admins (anthropic)
- Excessive Organization Owners (openai)
- Excessive Cloud Admins (grafana_cloud)
- Excessive Project Owners (gcp)
- Owner Count Exceeded (azure)
- Overly Permissive IAM Binding (gcp)
- Overly Permissive IAM Policy (aws)
- Overly Permissive Access Policy (grafana_cloud)
- Overly Broad Permission Profile (docusign)
- Staff Unrestricted Permissions (shopify)
- Overprivileged Member (workato)
- Excessive Modify All Data (salesforce)
- Permission Set Modify All Data (salesforce)
- Dormant Accounts (okta)
- Dormant Super Admins (okta)
- Dormant User (1password)
- Dormant Account (lastpass)
- Dormant User (sentry)
- Dormant Member (anthropic)
- Dormant User (grafana)
- Dormant User (snowflake)
- Inactive User (openai)
- Inactive User (atlassian)
- Inactive User (zoom)
- Inactive User With Access (docusign)
- Inactive Member (notion)
- Inactive Member (workato)
- Inactive IAM Users (aws)
- Stale Organization Member (github)
- Never Logged In Users (workspace)
- Suspended User Not Removed (1password)
- Suspended User With Access (atlassian)
- Disabled Account Not Removed (lastpass)
- Disabled User Not Removed (openai)
- Identity User Disabled Not Removed (ovhcloud)
- Deactivated Member Not Removed (gitlab)
- Session Idle Timeout Too Long (okta)
- Session Lifetime Too Long (okta)
- Session Duration Excessive (atlassian)
- Long Session Duration (cloudflare_access)
- OWA Session Timeout Disabled (m365)
- Desktop Session Unlimited (slack)
- Mobile Session Unlimited (slack)
- Service Account Token Created (1password)
- Sign-in From Untrusted Location (1password)
- Suspended User Activity (1password)
- Password Never Used (aws)
- Password Policy Expiration Too Long (aws)
- Root Access Key Exists (aws)
- Unused Access Keys (aws)
- API Client Broad Access (akamai)
- API Client Credentials Near Expiry (akamai)
- API Client Inactive (akamai)
- Custom Role With Admin Permissions (akamai)
- User Account Locked (akamai)
- User All Groups Access (akamai)
- User Inactive (akamai)
- API Key Created By Non-User (anthropic)
- Admin Invite Pending Review (anthropic)
- Excessive Workspace Admins (anthropic)
- Expired Invite Not Cleaned (anthropic)
- Inactive API Key Not Removed (anthropic)
- Managed User Review (anthropic)
- Stale Invite (anthropic)
- Unscoped API Key (anthropic)
- Unscoped Admin (anthropic)
- External User With Product Access (atlassian)
- Jira Project Permissive Default Roles (atlassian)
- User Dual Admin Role (atlassian)
- User With Multiple API Tokens (atlassian)
- App Service Auth Disabled (azure)
- App Service Managed Identity Disabled (azure)
- Classic Administrators (azure)
- Custom Admin Roles (azure)
- Guest Privileged Role (azure)
- Key Vault RBAC Not Enabled (azure)
- SQL AD Admin Not Configured (azure)
- Excessive Admin Users (box)
- External Collaboration Not Restricted (box)
- Inactive User Account (box)
- No Device Pins Configured (box)
- Platform Access Only Admin (box)
- User Exempt from Device Limits (box)
- User Exempt from Login Verification (box)
- Download Restrictions Not Set (chrome_enterprise)
- Incognito Mode Allowed (chrome_enterprise)
- Stale Browser (90+ Days Inactive) (chrome_enterprise)
- Unmanaged Browser (30+ Days Inactive) (chrome_enterprise)
- No Groups Defined (circleci)
- OIDC Not Configured (circleci)
- Unrestricted Context (circleci)
- External Account Member (cloudflare)
- Application Allows All IdPs (cloudflare_access)
- Application Without Policies (cloudflare_access)
- Bypass Decision Policy (cloudflare_access)
- Group Includes Everyone (cloudflare_access)
- Group With Empty Include Rules (cloudflare_access)
- No Purpose Justification (cloudflare_access)
- Policy Allows Everyone (cloudflare_access)
- Single Identity Provider (cloudflare_access)
- Application Key Write Scopes (datadog)
- Dashboard Permissions Open (datadog)
- External Admin (datadog)
- External Admin Service Account (datadog)
- SSO Not Enforced (datadog)
- Service Account Custom Role (datadog)
- Weak SSH Key (digitalocean)
- Channel Everyone Overwrite (discord)
- Everyone Role Has Dangerous Permissions (discord)
- Excessive Admin Roles (discord)
- Low Verification Level (discord)
- Member Verification Gate Disabled (discord)
- Overly Permissive Channel (discord)
- Permanent Invite (discord)
- Role Can Mention Everyone (discord)
- Role Has Administrator Permission (discord)
- Role Has Dangerous Permissions (discord)
- Unlimited Use Invite (discord)
- Long Mobile Session Timeout (docusign)
- Long Signing Session Timeout (docusign)
- Long Web Session Timeout (docusign)
- No Account Lockout (docusign)
- No Password Expiration (docusign)
- SSO Not Mandatory (docusign)
- Unclaimed Domain (docusign)
- User Without Group (docusign)
- EMM Not Required (dropbox)
- Email Not Verified (dropbox)
- Excessive Admin Users (dropbox)
- Excessive Device Sessions (dropbox)
- Group Creation Unrestricted (dropbox)
- Inactive Member Account (dropbox)
- Stale Desktop Session (dropbox)
- Stale Pending Invite (dropbox)
- Stale Web Session (dropbox)
- Bucket Uniform Access Disabled (gcp)
- Default SA Grant Not Disabled (gcp)
- External Members at Org Level (gcp)
- Instance Uses Default Service Account (gcp)
- KMS Separation of Duties Violation (gcp)
- Org-Level Editor Binding (gcp)
- Org-Level Owner Binding (gcp)
- Owner Role Group Assignment (gcp)
- Privileged Service Account Binding (gcp)
- SA Impersonation Role Binding (gcp)
- SA Key Creation Not Disabled (gcp)
- SA Key Upload Not Disabled (gcp)
- SA Separation of Duties Violation (gcp)
- Unrestricted API Key (gcp)
- Org Default Permission Too Permissive (github)
- Group Membership Unlocked (gitlab)
- Pending Invitation Not Accepted (gitlab)
- Email-Only User Access (google_ads)
- Excessive Admin Users (google_ads)
- Stale Pending Invitation (google_ads)
- Stale User Access (google_ads)
- Admin Without Recent Activity (grafana)
- Basic Auth Enabled With SSO (grafana)
- Disabled Service Account With Tokens (grafana)
- Excessive Admins (grafana)
- Non-Expiring Service Account Token (grafana)
- Service Account Admin Role (grafana)
- Single SSO Provider (grafana)
- Access Policy Without IP Restriction (grafana_cloud)
- Cloud Wildcard Access Policy (grafana_cloud)
- Excessive Admins (incidentio)
- User No Slack Linked (incidentio)
- User Without Base Role (incidentio)
- Workflow Accesses Private Data (incidentio)
- Admin Dormant (lastpass)
- Admin Never Logged In (lastpass)
- Excessive Shared Folder Admins (lastpass)
- Never Logged In Account (lastpass)
- Shared Folder All Admin (lastpass)
- Shared Folder Excessive Users (lastpass)
- Shared Folder No Read-Only Users (lastpass)
- Shared Folder Single Admin (lastpass)
- ActiveSync Does Not Block Unmanaged Devices (m365)
- App Certificate Credentials Expiring Soon (m365)
- App Expired Certificate Credentials (m365)
- App Expired Password Credentials (m365)
- App Long-Lived Certificate Credentials (m365)
- App Long-Lived Password Credentials (m365)
- App Password Credentials Expiring Soon (m365)
- App Using Password Credentials (m365)
- Auth Methods Migration Incomplete (m365)
- CA Block High Risk Users Missing (m365)
- CA Compliant Devices Not Required (m365)
- CA Device Code Flow Not Blocked (m365)
- CA Session Duration Not Set (m365)
- Direct File Access on Public Computers (m365)
- Excessive Global Administrators (m365)
- External Users With Admin Role (m365)
- Global Admin Not Cloud-Only (m365)
- Global Admin Redundancy Missing (m365)
- Guest Access to Groups Not Restricted (m365)
- Guest Group Privileges Not Restricted (m365)
- Guest Invitation Not Restricted (m365)
- Guest User Permissions Not Restricted (m365)
- Guest Users Present (m365)
- Lockout Duration Too Short (m365)
- M365 Group Creation Not Restricted (m365)
- MSOL PowerShell Not Blocked (m365)
- Mobile Device Allows Non-Provisionable (m365)
- Password Expiration Policy Enabled (m365)
- Password Lockout Threshold Too High (m365)
- Password Protection Mode Audit Only (m365)
- Password Protection On-Prem Disabled (m365)
- SP Certificate Credentials Expiring Soon (m365)
- SP Expired Certificate Credentials (m365)
- SP Expired Password Credentials (m365)
- SP Long-Lived Certificate Credentials (m365)
- SP Long-Lived Password Credentials (m365)
- SP Password Credentials Expiring Soon (m365)
- SP Using Password Credentials (m365)
- Self-Service Sign Up Enabled (m365)
- Shared Mailbox Sign-In Enabled (m365)
- TAP Character Length Too Short (m365)
- TAP Enabled for All Users (m365)
- TAP Global Policy Enabled (m365)
- TAP Maximum Lifetime Too Long (m365)
- TAP Not One-Time Use (m365)
- User Consent to Apps Not Restricted (m365)
- Users Can Create Security Groups (m365)
- Users Can Create Tenants (m365)
- WAC Viewing on Public Computers (m365)
- Bot Without Description (notion)
- Guest User Sprawl (notion)
- Member Without Email (notion)
- API Credential Never Used (ovhcloud)
- API Credential No Expiry (ovhcloud)
- API Credential No IP Restriction (ovhcloud)
- API Credential OVH Support Access (ovhcloud)
- API Credential Overly Permissive (ovhcloud)
- Excessive OAuth2 Clients (ovhcloud)
- IAM Policy Wildcard Actions (ovhcloud)
- IAM Policy Wildcard Resources (ovhcloud)
- Identity User No Group (ovhcloud)
- Identity User Password Never Changed (ovhcloud)
- No IP Restrictions (ovhcloud)
- Only SMS MFA Enabled (ovhcloud)
- SSH Key Size Too Small (ovhcloud)
- Weak SSH Key Algorithm (ovhcloud)
- Access Policy Default Not Deny (okta)
- App Not Using Federated Auth (okta)
- App With Individual User Assignments (okta)
- Super Admin API Tokens (okta)
- Weak Account Lockout (okta)
- API Key Non-User Owner (openai)
- Admin Key Non-User Owner (openai)
- Admin Key Sprawl (openai)
- Excessive Project API Keys (openai)
- Excessive Service Accounts (openai)
- Orphaned Service Account (openai)
- Project With Only Service Accounts (openai)
- Stale Admin Key (openai)
- Stale Service Account (openai)
- Unassigned User (pagerduty)
- API Access Review (salesforce)
- Frozen Active User (salesforce)
- Inactive Admin (salesforce)
- No Clickjack Protection (salesforce)
- Session Timeout Too Long (salesforce)
- Default Role Not Member (sentry)
- Old Pending Invite (sentry)
- Analytics Not Admin Only (slack)
- Excessive Owners (slack)
- External Admin (slack)
- Guest Multi Channel (slack)
- Guest Slash Commands (slack)
- Invite Approval Disabled (slack)
- Public Channel Creation Unrestricted (slack)
- SSO Display Name Change Allowed (slack)
- SSO Email Change Allowed (slack)
- SSO Not Enforced (slack)
- Shared Channels Unrestricted (slack)
- Slack Connect DM Unrestricted (slack)
- TLS Email Invites Disabled (slack)
- ACCOUNTADMIN Default Role (snowflake)
- ACCOUNTADMIN Excessive Grants (snowflake)
- Disabled User With Active Grants (snowflake)
- Excessive Admin Roles (snowflake)
- No Separation Of Duties (snowflake)
- Password Only Auth (snowflake)
- Service Account Password Auth (snowflake)
- User Not Disabled (snowflake)
- Anonymous Meeting Join Enabled (teams)
- Excessive Team Owners (teams)
- Guest Access Overly Permissive (teams)
- Guest Members in Team (teams)
- Lobby Bypass for Everyone (teams)
- Auth Connector Has Broad Claim Mapping (teleport)
- Auth Connector Has No Role Mappings (teleport)
- Auth Connector Maps Claims to Admin Role (teleport)
- GitHub Connector Maps All Teams (teleport)
- Local User Has No SSO Identity (teleport)
- Role Allows Impersonation (teleport)
- Role Enables SSH Agent Forwarding (teleport)
- Role Has Broad Admin RBAC Rules (teleport)
- Role Has Unlimited Session TTL (teleport)
- Role Has Wildcard App Labels (teleport)
- Role Has Wildcard Database Labels (teleport)
- Role Has Wildcard Kubernetes Labels (teleport)
- Role Has Wildcard Node Labels (teleport)
- Token Grants Admin Role (teleport)
- Token Grants Auth System Role (teleport)
- Token Has No Expiry (teleport)
- Token Uses Static Join Method (teleport)
- Trusted Cluster Has Broad Role Map (teleport)
- User Account Is Locked (teleport)
- User Has Admin Role (teleport)
- User Has Excessive Roles (teleport)
- Organization 2FA Not Enforced (terraform_cloud)
- Organization SAML Not Enabled (terraform_cloud)
- Organization Session Timeout Too Long (terraform_cloud)
- Team Excessive Permissions (terraform_cloud)
- Team Secret Visibility (terraform_cloud)
- Team Workspace Admin Access (terraform_cloud)
- User 2FA Not Enabled (terraform_cloud)
- User Pending Invitation (terraform_cloud)
- Access Group Empty (vercel)
- Auto Join Enabled (vercel)
- Excessive Members (vercel)
- Excessive Owners (vercel)
- Member Unconfirmed (vercel)
- Non-SSO Member (vercel)
- Overly Broad Access (vercel)
- SSO Not Enforced (vercel)
- Token No Expiration (vercel)
- Token Overprivileged (vercel)
- Token Stale (vercel)
- API Client No IP Restriction (workato)
- API Endpoint Inactive (workato)
- API Platform Client Excessive Keys (workato)
- Excessive API Clients (workato)
- No Custom Roles (workato)
- Admin With App Password (workspace)
- Dormant Users (workspace)
- User With App Password (workspace)
- SSO Not Enforced (zoom)
NIS2-21.j — Multi-factor authentication and secured communications
Use of multi-factor authentication or continuous authentication solutions, secured voice, video, and text communications, and secured emergency communication systems (Article 21(2)(j))
- Admin Without MFA (okta)
- MFA Not Enrolled (okta)
- Admin Without 2-Step Verification (workspace)
- User 2-Step Verification Not Enforced (workspace)
- MFA Not Enabled (cloudflare)
- Two-Factor Enforcement Disabled (cloudflare)
- Root Account MFA Not Enabled (aws)
- User MFA Not Enabled (aws)
- MFA Disabled (1password)
- Sign-in Without MFA (1password)
- MFA Not Enabled (lastpass)
- Admin Without MFA (lastpass)
- User Without MFA (atlassian)
- Two-Step Verification Not Enforced (atlassian)
- Org 2FA Not Required (github)
- Member Without 2FA (github)
- Group 2FA Not Enforced (gitlab)
- Member Without 2FA (gitlab)
- MFA Not Required (slack)
- User No MFA (slack)
- Admin Without MFA (zoom)
- User Without MFA (zoom)
- Admin Without MFA (salesforce)
- User Without MFA (salesforce)
- MFA Not Required for Admins (discord)
- User MFA Not Enabled (akamai)
- Identity User MFA Not Enabled (ovhcloud)
- MFA Not Enabled (ovhcloud)
- MFA Not Enabled (snowflake)
- Authentication Policy No MFA (snowflake)
- Staff MFA Disabled (shopify)
- No MFA Requirement (cloudflare_access)
- Weak Password Policy (okta)
- Weak Password Policy (aws)
- Weak Password Policy (salesforce)
- Weak Password Policy (snowflake)
- Weak Password Policy (zoom)
- Weak Password Length (docusign)
- Weak Password Strength (docusign)
- Very Weak Master Password (lastpass)
- Weak Master Password (lastpass)
- Custom Banned Passwords Not Enforced (m365)
- Weak Authentication Factors Enabled (m365)
- CA Legacy Auth Not Blocked (m365)
- SSO Not Configured (cloudflare)
- SSO Not Configured (workspace)
- SSO Not Configured (atlassian)
- SSO Disabled (datadog)
- SSO Disabled (pagerduty)
- SSO Disabled (grafana)
- SSO Disabled (sentry)
- SSO Disabled (slack)
- SSO Disabled (1password)
- No SSO Configured (docusign)
- No SSO Configured (snowflake)
- No SAML or OIDC Provider (cloudflare_access)
- Phishing Resistant Auth Policies (okta)
- Phishing Resistant MFA Factors (okta)
- MFA Status Unknown (1password)
- Password Manager Disabled (chrome_enterprise)
- One-Time PIN Only Authentication (cloudflare_access)
- Group 2FA Grace Period Too Long (gitlab)
- CA MFA Not Enforced (m365)
- Guest Email OTP Not Enabled (m365)
- MFA Registration Not Restricted (m365)
- Session MFA Not Required (okta)
- Advanced Permissions Disabled (pagerduty)
- Admin Action MFA Not Enforced (teleport)
- Cluster MFA Disabled (teleport)
- Device Trust Disabled (teleport)
- Expired Certificate Disconnect Disabled (teleport)
- Local Auth Enabled With SSO (teleport)
- Local User Has No MFA Device (teleport)
- Passwordless Without Hardware Key Policy (teleport)
- Role Does Not Require Session MFA (teleport)
- Session MFA Not Enforced (teleport)
- TOTP Without WebAuthn (teleport)
- User Uses Only TOTP for MFA (teleport)
- Admin 2-Step Verification Not Enforced (workspace)
- Delegated Admin Without 2-Step Verification (workspace)
- User Without 2-Step Verification (workspace)
NIS2-23 — Reporting Obligations
Obligation to report significant incidents to CSIRT or competent authority without undue delay (Article 23)
NIS2-23.1 — Early warning
Initial notification within 24 hours of becoming aware of a significant incident, indicating whether unlawful or malicious action is suspected (Article 23(4)(a))
- Security Alert Notifications Disabled (azure)
- Alert Disabled (azure)
- No Alert Rules Configured (grafana)
- Admin Malware Notifications Disabled (m365)
- Outbound Spam Notification Disabled (m365)
- New User Notification Disabled (slack)
NIS2-23.2 — Incident notification
Incident notification without undue delay and in any event within 72 hours, including initial assessment of severity and impact (Article 23(4)(b))
- Security Contact Email Missing (azure)
- Security Contact Phone Missing (azure)
- Security Contact Missing (gcp)
- External Contact Point (grafana)
NIS2-23.3 — Intermediate report
Upon request of CSIRT or competent authority, a status update on incident handling (Article 23(4)(c))
NIS2-23.4 — Final report
Final report no later than one month after incident notification, including detailed description, root cause, mitigation measures (Article 23(4)(d))
NIS2-29 — Cybersecurity Information-Sharing
Voluntary exchange of cybersecurity information among essential and important entities (Article 29)
NIS2-29.1 — Voluntary information exchange
Arrangements for voluntary exchange of relevant cybersecurity information including cyber threats, vulnerabilities, TTPs, and indicators of compromise (Article 29(1))
- Repo Secret Scanning Disabled (github)
- Project Container Scanning Disabled (gitlab)
- Repo Dependabot Disabled (github)
NIS2-29.2 — Arrangements and procedures
Practical procedures and conditions for information-sharing arrangements, including designation of contact points (Article 29(2))