NIS2 (Network and Information Systems Directive 2)

What is NIS2 (Network and Information Systems Directive 2)?

The NIS2 Directive is an EU regulation that aims to protect essential and important entities against cyber threats. It requires organizations in industries identified as essential and important (energy, public service, banking, pharmaceutical, transportation…) to take advanced cybersecurity measures and report incidents. NIS2 explicitly requires applications and services used on mobile and tablet devices to be secure as part of the overall IT environment, and recommends system vulnerability detection, intrusion testing and security audits.

NIS2 measures applying to mobile and web applications

Security Measures

The NIS2 Directive requires mobile network operators and relevant application developers to implement appropriate security measures to protect their systems and networks. This includes adopting measures to prevent and minimize the impact of cybersecurity incidents, such as implementing secure coding practices, regularly updating software and applications, and implementing access controls to safeguard mobile data.

Resilience and Business Continuity

The NIS2 Directive emphasizes the importance of maintaining the resilience of essential services, which includes mobile services. Organizations should take measures to ensure the continuity of their mobile services in the face of cybersecurity incidents, including regular backup of mobile data, disaster recovery planning, and redundancy measures to minimize disruptions to essential services.

Incident Response Planning

Organizations covered by the NIS2 Directive must have incident response plans in place to effectively handle cybersecurity incidents. This includes establishing procedures for detecting, responding to, and recovering from incidents that may compromise mobile data. Incident response plans should address mobile-specific threats and vulnerabilities and outline appropriate mitigation strategies.

Develop applications that comply with NIS2

Pradeo’s application security suite contains multiple solutions for securing your applications and making them NIS2 compliant. Pradeo’s Mobile Application Security Testing detects vulnerabilities and helps developers patch them instantly, while the Application compliance audit directly tests your app’s compliance with NIS2.