IAPP CIPP-E: What key element is NOT established by EU’s NIS2 Directive?

Learn about the critical cybersecurity measures, powers, and cooperation established by the EU’s NIS2 Directive, and discover the one element it does not mandate.

Question

All of the following will be established by the second Network and Information Security Directive (“NIS2”) EXCEPT?

A. Baseline cybersecurity measures that each covered entity must address.
B. Powers to inspect, audit, or require information from covered organizations.
C. A common controls framework that every organization must adopt.
D. A new network for EU member states to cooperate on large-scale breaches.

Answer

C. A common controls framework that every organization must adopt.

Explanation

The second Network and Information Security Directive (NIS2) aims to strengthen cybersecurity across the European Union by establishing several key elements. However, it does not mandate a single common controls framework that every organization must adopt.

NIS2 does establish:

A. Baseline cybersecurity measures that each covered entity must address. NIS2 sets out minimum cybersecurity standards and best practices that organizations in critical sectors must implement.

B. Powers to inspect, audit, or require information from covered organizations. National authorities are granted powers under NIS2 to assess compliance and obtain necessary information from covered entities.

D. A new network for EU member states to cooperate on large-scale breaches. NIS2 creates the European Cyber Crises Liaison Organisation Network (EU-CyCLONe) to support coordinated management of large-scale cybersecurity incidents.

However, while NIS2 lays out cybersecurity requirements, it does not prescribe a specific common controls framework like NIST or ISO 27001 that all organizations must use. Companies have flexibility in the frameworks and controls they adopt to meet the NIS2 standards.

Therefore, the correct answer is C – NIS2 does not establish a common controls framework that every organization must adopt, even though it mandates baseline cybersecurity measures and enables cooperation and enforcement.
