Network and Information Security

The NIS 2 Directive in Detail

The NIS2 Directive (Network and Information Security Directive) is a legislative framework from the European Union aimed at strengthening cybersecurity requirements for critical infrastructures and essential services in Europe. In response to evolving cyber threats, it broadens its scope to more sectors and mandates stricter protective measures:

  • Robust technical measures
  • Access management
  • Rapid response to security incidents
  • Enhanced control of suppliers and subcontractors

The goal is to increase resilience against cyber threats and ensure adequate protection of essential networks and services.

Vincent Strubel, Director General of ANSSI
“The requirements of the European directive invite many entities to build a solid roadmap to deploy and strengthen their cyber defense capabilities, aiming for a structurally safer operation, increased trust with their stakeholders, and greater competitiveness for companies.”
NIS 2

The 3 Key Elements Chimere Brings You

Regulated Access Control

Access to network resources is not granted based on user location or network affiliation but on their identity, device, and ability to meet defined access policies.

Micro-segmentation

The network is divided into unique and isolated segments, called micro-segments. Each micro-segment is a distinct security zone with its own access policies, allowing for precise control of network resources and reducing the attack surface in case of a breach.

Overlays and Software Defined Perimeters (SDP)

While traditional cybersecurity solutions focus on securing networks and systems, SDP focuses on securing assets from an identity-centered perspective, using an overlay network architecture. Resources are effectively invisible to unauthorized users and devices.

Chimere x NIS 2

How Does Chimere Facilitate Compliance with the NIS 2 Directive?

Chimere can support your compliance with the NIS 2 directive by securing access to critical systems. This security is achieved through strict identity-based control and the principle of least privilege. Chimere continuously verifies each connection, limiting access to sensitive resources and mitigating risks from internal and external threats.


Article 21.2.d.

Supply chain security, including security aspects related to the relationships between each entity and its direct suppliers or service providers
This article specifically includes the interconnection of information systems with third-party services and applications, as well as software supply chain security. There is also a legal aspect related to the contractual relationship with third parties.

Chimere enables restricting and controlling the access of suppliers or service providers to your information systems. Each access is based on the real-time verification of the user's and device's identity, which minimizes risks of unauthorized or excessive access. Chimere encrypts communications between suppliers and internal systems, ensuring that data exchanges are protected, even when passing through unsecured networks.

  • Granular access control for suppliers
  • Access based on the principle of least privilege
  • Securing external connections

Use Case | Supplier Access



Article 21.2.e.

Security of acquisition, development, and maintenance of networks and information systems, including vulnerability handling and disclosure
This article covers essential technical measures for securing information systems, including endpoint detection and response (EDR), vulnerability management, securing remote access, Zero Trust architecture, SIEM, SOAR, firewalls, IP filtering, Active Directory security, identity management, workstation hardening, WAF and WAAP, and exposure surface analysis.

Chimere provides a Zero-Trust Network Access (ZTNA) solution that enables secure interconnection of devices and applications over the internet without exposing them, ensuring isolation. This approach addresses many of the directive's compliance requirements:

  • Secure remote access
  • Native Zero-Trust
  • Alternative to IP filtering
  • Workstation posture verification
  • Identity-based access

Our vision of Zero-Trust Network Access

Blog - How to Begin Implementing Zero Trust?



Article 21.2.h.

Policies and procedures related to the use of cryptography, including encryption when applicable
This article addresses the use of cryptography and encryption for securing information system architecture, particularly for remote access. It can also relate to the information system security policy (PSSI), integrating micro-segmentation of the information system and Zero Trust architecture.

Chimere enables restricting and controlling the access of suppliers or service providers to your information systems. Each access is based on real-time verification of the user's and device's identity, which minimizes the risk of unauthorized or excessive access. Chimere encrypts communications between suppliers and internal systems, ensuring that data exchanges are protected, even over unsecured networks.

  • Native end-to-end encryption
  • Native application micro-segmentation
  • Native Zero-Trust architecture

Chimere Cyberstealth®



Article 21.2.i.

Human resources security, access control policies, and asset management


Chimere enables restricting and controlling the access of suppliers or service providers to your information systems. Each access is based on real-time verification of the user's and device's identity, minimizing unauthorized or excessive access risks. Chimere encrypts communications between suppliers and internal systems, protecting data exchanges even over unsecured networks.

  • Granular access control for suppliers
  • Access based on the principle of least privilege
  • Securing external connections

Chimere Cyberstealth®



In conclusion, ZTNA limits access to specific applications based on user identity and context, while VPN creates a secure connection granting access to the organization's entire private network.

We can still help you with all other points!


Chimere is a partner of Qorum Secur'Num, a one-stop shop for cybersecurity and digital compliance. With over 450 cybersecurity experts across more than 50 sites in France, Qorum Secur'Num can support you in all areas of your compliance efforts with the NIS 2 directive.

Summary

Article Description Skills    
21.2.a Policies related to risk analysis and information system security
21.2.b Incident management
21.2.c Business continuity, such as backup management and recovery, and crisis management
21.2.d Supply chain security, including security aspects regarding relationships between each entity and its direct suppliers or service providers
21.2.e Security of network and information system acquisition, development, and maintenance, including vulnerability processing and disclosure
21.2.f Policies and procedures to assess the effectiveness of cybersecurity risk management measures
21.2.g Basic cyber hygiene practices and cybersecurity training
21.2.h Policies and procedures regarding the use of cryptography and, if applicable, encryption
21.2.i Human resource security, access control policies, and asset management
21.2.j The use of multi-factor or continuous authentication solutions, secure voice, video, and text communications, and secure emergency communication systems within the entity, as needed
Chimere meets the requirement
Qorum Secur'Num and its associates meet the requirement