A mapping (overview) of NIS2 measures for the security standard NEN-EN-ISO/IEC 27002 (nl) was published. The Ministry of the Interior and Kingdom Relations (BZK) developed this mapping in collaboration with the IBO core. The IBO is the forum for decision-making regarding the BIO, involving representatives from BZK and umbrella organisations for the central government, municipalities, provinces, and water authorities.
NIS2 Directive
The revision of the Network and Information Security (NIS2) Directive introduces new European cybersecurity legislation. The Netherlands will implement it by the end of 2024 to enhance cybersecurity and improve the resilience of essential services across EU member states. The NIS2 Directive places a duty of care for information security on governments. BZK plans to use the BIO as a framework to meet this duty of care.
Mandatory, optional, or conditional?
Before implementing the directive, organisations often become confused about their obligations under NIS2. This new mapping clarifies which measures are mandatory, optional, or conditional, and explains their relationship to NEN-EN-ISO/IEC 27002 (nl) and the current BIO.
The mapping does not aim to demonstrate how well the BIO already complies with the NIS2 measures. Therefore, the BIO working group is evaluating whether to incorporate additional NIS2 measures into a new version of the document.
View the mapping and its explanation (Dutch).
