NIS2 - Efficient and prompt operational implementation
Versio.io

NIS2 compliance

Efficient & prompt technical implementation with Versio.io

In a nutshellRequest demoStart free trial
 
The new EU Cybersecurity Directive NIS2 requires a wide range of sectors, and in particular organisations classified as "essential" and "important", to implement comprehensive measures to strengthen cyber resilience and respond to security incidents. Although the directive has been in force across the EU since 2023, its national implementation in Germany is not expected until the end of 2025 or early 2026. The aim is to increase overall EU-wide digital resilience in the face of growing and increasingly complex cyber threats. In this blog post, we show how Versio.io can help companies meet NIS2 requirements efficiently and in compliance with regulations.

Risk management

Risk management
X

Risk management

NIS2: §30 (1),(2)

In Versio.io Risk Management, you will find an overview of all existing and past violations (=risks).

Each violation is weighted according to its severity and the need for protection, thus facilitating the analysis and the process of remedying the violation.

The following violations can be analysed and processed:

  • Product versions in use that are outdated or no longer maintained by the manufacturer.
  • Product versions used for which IT vulnerabilities (CVEs) are known.
  • Configurations of IT components that do not meet internal and regulatory requirements.

Incident management

X

Incident management

NIS2 §30 (2); §31 (1)-(3)

For specific violations (=risk) in Versio.io, corresponding incident tickets can be created and closed in any ITSM solution using alerting.

All changes to the violation are available in Versio.io via deep link in an audit-proof manner. This ensures that a complete analysis is documented, from the detection of the violation and all changes that occur to the closure of the violation.

Business operations resilience

Business operations resilience
X

Business operations resilience

NIS2: §30 (2); §38 (1)

The digital twin in Versio.io provides a complete representation of the real IT landscape and organisation.

In the event of a disruption to business operations, the digital twin ensures continuous access to information and transparency for timely root cause analysis and recovery.

  • Configuration of all applications, IT infrastructure components (servers, hypervisors, network devices etc.), production infrastructure (OT/IoT) and user access data
  • Monitoring and documentation of backup and recovery processes as well as nightly batch job runs
  • Documentation of responsibilities at the IT component level and recovery plans
  • Risk and recovery management based on protection requirements

Security of supply chains

X

Security of supply chains

NIS2: §30 (2)

To ensure supply chain security on the customer and third-party provider side, Versio.io offers comprehensive product and version detection for hardware, operating systems, software products and frameworks in use. Exporting and importing this data as a Bill of Materials (BOM) makes it easier for you to exchange and evaluate data between customers and product manufacturers.

You can monitor all recognised product versions in Versio.io for known IT vulnerabilities or outdated versions.

Other security-related aspects, such as SSL/TLS certificates, port status and application configurations, can also be recorded and evaluated.

Vulnerability management

Vulnerability management
X

Vulnerability management

NIS2: §30 (2)

To prevent IT vulnerabilities from being exploited, software products should be run in the latest version whenever possible. Versio.io helps you monitor all product versions and suggests which versions you should switch to based on your individual release and patch strategy.

In addition, Versio.io detects product versions in use for which IT vulnerabilities are known and supports you in your update decision.

NIS2 effectiveness assessment

X

NIS2 effectiveness assessment

NIS2: §30 (1),(2); §31 (1)-(3)

Versio.io provides detailed metrics on detected and resolved security breaches, enabling an assessment of the effectiveness of NIS2.

In addition, Versio.io documents all changes to security breaches throughout their entire lifecycle and monitors the correct execution of change requests in a fully automated manner.

Computer hygiene & training

NIS2: §30 (2); §38 (1)

Versio.io supports you in maintaining the security and performance of your workstations, servers, network devices, etc.

Inventory management provides customers with up-to-date documentation of all IT components. This data, including the knowledge databases provided by Versio.io, also forms a solid basis for practical training courses.

Based on the inventory, the following aspects can be monitored fully automatically:

  • Overview of all installed and executed software products
  • Outdated software versions
  • Software versions with known IT vulnerabilities
  • System and application configurations
  • Manufacturer warranty

Cryptography & encryption

X

Cryptography & encryption

NIS2: §30 (2); §38 (1)

Versio.io summarises security-related configurations in your IT landscape and evaluates them based on best practices or regulatory requirements (e.g. BSI TR-03116-4). The following configurations can be documented and evaluated:

  • SSL/TLS certificates
  • TLS configurations of web servers
  • Port status of servers and network devices
  • Application-specific configurations
  • Firewall rules

Human ressource, access and asset protection

Human ressource, access and asset protection
X

Human ressource, access and asset protection

NIS2: §30 (2); §38 (1)

Documenting user and access rights and changes to these over time is a general requirement in the regulatory environment.

Versio.io automates inventorying, change detection and monitoring of compliance with user and access rights policies from Active Directory, Microsoft 365 and customer-specific IAM solutions.

Crisis-proof communication

NIS2: §30 (2)

Transparency of information is crucial in crisis situations in order to resolve them promptly. Versio.io provides you with historical data about the IT landscape and organisation, so that the current or last status of each asset and the previous changes are available as an objective basis for decision-making.

Furthermore, Versio.io supports the process of resolving the problem by monitoring the execution of corresponding change requests and providing status information on violations in the context of the problem.

Consulting partners

Our partners have in-depth operational experience and support you in the project-specific implementation of NIS2 requirements - from planning to successful implementation.

Performetriks

Deutsche Telekom

Nathan Claire Africa

Telonic

Omnilogy

To the complete German NIS2 draft bill and the original EU directive

All references to sections in this blog post refer to the current German NIS2 draft law. You can view the draft law and the original EU directive here:
🇩🇪 German NIS2 draft law
🇪🇺 EU NIS2 directive

Read more

Versio.io value proposition canvas

Versio.io value proposition canvas

Versio.io Value Proposition Canvas show Versio.io prospects and customers the value of our solution offering for real-world IT challenges.


Talk to us


Lukas Böttcher
Lukas Böttcher
Business Development Manager
P:  +49-30-221986-51
LinkedIn
Matthias Scholze
Matthias Scholze
Chief Technology Officer
P:  +49-30-221986-51
LinkedIn

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.