Guidelines on assessing DSP security and OES compliance with the NISD security requirements

Manuals and Handbooks

Summary

According to Articles 14, 15 and 16 of the NIS Directive, one of the key objectives is to introduce appropriate security measures for operators of essential services (OES) as well as for digital service providers (DSP), in an effort to achieve a common baseline level of information security across network and information systems within the European Union (EU). Information security (IS) audits and self-assessment/management exercises are the two major enablers for achieving this objective.

This report presents the steps of an information security audit process for OES compliance, as well as of a self-assessment/management framework for DSP security, against the security requirements set by the NIS Directive. In addition, it provides an analysis of the most relevant information security standards and frameworks to support OES and DSP in carrying out the above exercises in the most tailored and efficient manner.