ECSO Welcomes the Publication of ENISA’s Technical Implementation Guidance

A significant number of recommendations from ECSO’s input to the public consultation were incorporated into the final version of the ENISA’s Technical Implementation Guidance. This represents a great step towards helping and easing implementation of NIS2 requirements in EU organisations while assuring achievement of NIS2 objectives.  

The document provides a solid foundation for implementing Article 21 of the NIS2 Directive, which defines cyber security risk management measures. The alignment with the Directive’s provisions is clear and well-referenced throughout the guide. 

ECSO values the structured breakdown of cyber measures, together with the mapping to relevant standards. The risk-based and modular approach provides a useful level of flexibility, which is essential for organisations of different sizes and risk profiles. ECSO also considers the document as a valuable and forward-looking instrument that contributes to the European cybersecurity ecosystem.   

ECSO sees some ideas to further improve this content that may be deemed applicable for the next versions: 

  1. Include information to help SMEs with a faster selection of implementation guidance most suitable for them. 
  2. Develop actionable self-assessment tools and templates, where possible.
  3. Provide sector specific guidance and toolkits. 
  4. Establish expected implementation thresholds for security controls to streamline cross-border collaboration with national supervisory authorities. 
  5. Update NIS2 and technical guidance mapping to new cybersecurity frameworks.

ECSO welcomes ENISA’s open position to facilitate dialogue. This should be maintained during the NIS2 implementation phase, to identify lessons learned in the process and refine the guidance and best-practice approach. 

About the ECSO Cyber Threat Management Working Group

The ECSO Cyber Threat Management Working Group provides support to organisations in tackling cyber threats by collaborating with industry leaders in strategically important areas, such as the CTI and implementation of the EU cybersecurity policies. Together we aim to build a trusted environment for practitioners and end-users in cybersecurity where you can share information, lessons learned, and best practices to increase cyber resilience of European companies and organisations.

Sebastijan Čutura

Senior Manager, Industry Cybersecurity

sebastijan.cutura[at]ecs-org.eu

Tomasz Michałowski

Junior Manager for European Cyber Security Community

tomasz.michalowski[at]ecs-org.eu

Share this article on social media