In the coming years, the legal requirements for the IT security level of companies will become significantly stricter. Laws, directives, and regulations from the European Union and the German government, such as the IT Security Act 2.0 (IT-SiG 2.0), the Network and Information Security Directive 2 (NIS 2), and the Cyber Resilience Act (CRA), clearly demonstrate this.
In addition, the number of affected companies will increase significantly as more companies are categorized as critical infrastructure (KRITIS). Suppliers and service providers that are not part of KRITIS themselves will also feel the impact. In the future, KRITIS operators will have to demonstrate an appropriate level of security along the entire supply chain. The same goes for the CRA, which sets security requirements for digital products and services throughout their entire lifecycle.
This white paper will show you how new legislation such as IT-SiG 2.0, NIS 2 and CRA will affect IT security requirements and which companies are directly or indirectly affected, for example as suppliers or service providers. For critical infrastructure (KRITIS) in particular, you will learn about the measures, technologies and services that can be used to fulfill the legal requirements.
The topics and issues covered in this white paper:
- Summary of key regulatory requirements from IT-SiG 2.0, NIS 2 and CRA
- Implementation, Part 1: Automated cyberattack detection and defense systems
- Implementation, Part 2: Technical and organizational risk mitigation measures
- Implementation, Part 3: Proof of the IT security level. Steps to more legal certainty
Simply register to receive a free PDF download of this white paper on adequate IT security for KRITIS operators, including their supply chains!