EU NIS2 Cybersecurity Risk-Management Measures

Detects NIS2 Article 21 cybersecurity risk-management measures documentation from essential and important entities — gap assessments, board approval papers, and the policies implementing the Article 21(2)(a)-(j) measures (incident handling, business continuity, supply chain security, cyber hygiene, cryptography, access control, multi-factor authentication). These documents catalogue an entity's security posture and unremediated gaps.

Type
keyword_proximity
Engine
universal
Confidence
medium
Confidence justification
Medium confidence: honest topic matcher. 'Cybersecurity risk-management measures' is the NIS2 Article 21 term of art and the only primary; 'all-hazards approach' is also a ubiquitous FEMA/civil-protection term of art, so it corroborates but never fires alone. The 85 tier additionally requires the directive's measure vocabulary (essential/important entity, incident handling, supply chain security, cyber hygiene). The individual Article 21(2) measure names are generic security vocabulary, so they corroborate but never trigger alone; consultancy and academic material is suppressed only by noise exclusions.
Jurisdictions
eu
Regulations
Directive (EU) 2022/2555 (NIS2)
Frameworks
ISO 27001
Data categories
security, governance
Scope
wide
Risk rating
7

Pattern

(?i)\bcybersecurity\s+risk[\s-]management\s+measures\b

Corroborative evidence keywords

all-hazards approach, Directive (EU) 2022/2555, NIS2, NIS 2, essential entity, essential entities, important entity, important entities, incident handling, supply chain security, cyber hygiene, business continuity, backup management, disaster recovery, crisis management, vulnerability handling, multi-factor authentication, access control, cryptography, network and information systems (+37 more)

Proximity: 300 characters

Should match

Should not match

Known false positives

References