On this page, you will find various tools to help your organisation prepare for the Cyberbeveiligingswet (Cbw), listed alphabetically.
AIVD
- PQC Migration Handbook (2024)
- Make your organisation quantum safe (Dutch) (2023)
- Develop AI systems securely (Dutch) (2023)
- Enhanced Threats in a World of Artificial Intelligence (Dutch) – An analysis of AI’s impact on national security (2024)
- Generative AI: A Transformative Impact on Cybersecurity (Dutch) (2024)
- How to create a defendable network? (Dutch) (2024)
- Cybercheck: Supply Chain Risks Affect You Too! (Dutch)
BIO for government
- BIO-Self Assessment (BIO-SA) (Dutch): A tool to help you gradually comply with BIO2.
- Guidance ‘The Administrator’s Role’ (Dutch): Administrators are ultimately responsible for information security, determining risk appetite, and accepting residual risk. This guide provides a practical framework for fulfilling this responsibility.
- BIO practices (Dutch): Practical guides and tools to support the implementation and use of BIO2.
- BIO Thematic Elaborations (Dutch): Guidance for implementing and applying BIO2 in government organisations.
- Podcast series on BIO2 (Dutch).
- ICO-wizard (Dutch): Select requirement packages tailored to different types of products and/or services to be procured. The wizard includes privacy requirements and standards from the Police Data Act (WPG).
CIO-Rijk
Risk management for digital resilience of cross-departmental chains (Dutch): 3 supporting documents:
- Policy on risk management for digital resilience of cross-departmental chains.
- Guidance on risk management for digital resilience of cross-departmental chains
- Implementation framework for risk management of cross-departmental chains.
Cyber Security Council (CSR)
Cybersecurity guidance for directors and business owners: For administrators, business owners, and members of supervisory boards in all organisations.
Standardisation Forum
Test your website: Check whether a website supports modern internet standards.
Information Security Service (Informatiebeveiligingsdienst, IBD)
- BIO2 Factsheet Information Security and the Line Manager (Dutch)
- Conversation cards to help municipal secretaries with basic knowledge and asking the right questions (Dutch)
In addition: operational knowledge products (Dutch) on:
- Security policy
- Organising information security
- Secure personnel
- Asset management
- Access control
- Cryptography
- Physical and environmental security
- Operational security
- Communications security
- Acquisition, development, and maintenance of information systems
- Supplier relationships
- Information security incident management
- Information security aspects of business continuity management
- Backup and recovery
- Compliance
Internet Cleanup Foundation
Website ‘Basisbeveiliging.nl‘ (English and Dutch) shows whether key organisations have their digital baseline security in order. Essential for the availability, integrity, and confidentiality of online services.
Ministery of BZK
- Red Teaming Toolkit (Dutch): A red teaming test is an advanced security assessment that simulates a cyberattack on one or more critical functions of an organisation, based on real-world threats. The findings can be used to develop improvement plans to enhance the organisation’s digital resilience.
- Various tools and services provided by the Centre for Information Security and Privacy Protection (CIP) (Dutch).
- Cbw (NIS2) Control Framework (Dutch): Helps organisations assess their compliance with the Cyberbeveiligingswet and the underlying Cyberbeveiligingsbesluit. Developed in collaboration with the Audit Service of the Kingdom (ADR) and the Dutch IT Auditors Association (NOREA).
- Mapping: Created with experts to clarify which NIS2 measures are mandatory, optional, or situational, and how they relate to NEN-EN-ISO/IEC 27002 and the current BIO.
- Government Internet Domain Policy 1.0 (Dutch): One of the obligations under the Cbw is the registration of all internet domains for which an organisation is responsible. At the start of 2026, the Dutch central government established its internet domain policy, outlining the requirements for government internet domains. Other government bodies may also adopt this policy.
Ministry of IenW
Guidance on Risk Management in Operational Technology (OT) (Dutch): A practical approach to risk management in Operational Technology to identify and reduce cybersecurity risks to an acceptable level. The document also includes frameworks with international case studies, practical examples, tips, and key considerations.
NCSC
- Overview Page Cyberbeveiligingswet (Dutch): Includes a decision tree (doorverwijsboom), checklists and infosheets.
- Securing the Supply Chain – Good Practices (Dutch): How to approach supply chain security in practice? 6 CISOs and ISOs share their experiences.
- Getting started – where to begin? (Dutch): An NCSC overview of tools, pages, and resources to help prepare for the Cyberbeveiligingswet.
- Cybercheck: Supply Chain Risks Affect You Too! (Dutch) Helps map potential supply chain risks arising from the use of products and services from countries with offensive cyber programmes. A guide by AIVD, CIO Rijk, NCSC, and NCTV.
RVO
NIS2 Self-Assessment NL (Dutch): Is the NIS2 directive applicable to your organisation? Is your organisation Essential or Important? And does it fall under Dutch supervision?
VNG
Factsheet for Counsillors (Dutch): Designed to guide councillors on digital security matters.
The Cyberbeveiligingswet (Cbw) is the Dutch transposition of the European NIS2 directive. The legislation focuses on improving cybersecurity and cyber resilience. For more information on what it entails, visit our Cyberbeveiligingswet (NIS2 Directive) overview page.
