Chimere x NIS 2

How does Chimere facilitate compliance with the NIS 2 directive?

Chimere can support your compliance with the NIS 2 directive by securing access to critical systems. This security is enabled by strict identity-based control and the principle of least privilege. Chimere reduces risks related to internal and external threats by continuously verifying each connection and limiting access to sensitive resources.

Article 21.2.d.

Supply chain security, including security aspects concerning the relationships between each entity and its direct suppliers or service providers

This article notably includes the interconnection of the information system with third-party services and applications or for third parties, as well as software supply chain security. There is also a legal aspect regarding the contractual relationship with the third party.

Chimere allows you to restrict and control access by suppliers or service providers to your information systems. Each access is based on the real-time verified identity of the user and device, which limits the risk of unauthorized or excessive access. Chimere encrypts communications between suppliers and internal systems, ensuring that data exchanges are protected even if they pass through unsecured networks.

  • Granular access control for suppliers
  • Access based on the principle of least privilege
  • Securing external connections

Article 21.2.e.

Security of acquisition, development, and maintenance of networks and information systems, including vulnerability handling and disclosure

This article covers essential technical measures to secure the information system (IS), including endpoint detection and response (EDR), vulnerability management, securing remote access, Zero Trust architecture, SIEM, SOAR, firewalls, IP filtering, Active Directory security, identity management, workstation hardening, WAF and WAAP, as well as exposure surface analysis.

Chimere provides a ZTNA (Zero Trust Network Access) solution that securely interconnects devices and applications over the internet without exposing them, while ensuring their isolation.

  • Secure remote access
  • Native Zero Trust
  • Alternative to IP filtering
  • Workstation posture verification
  • Identity-based access

Article 21.2.h.

Policies and procedures relating to the use of cryptography and, where appropriate, encryption

This article deals with the use of cryptography and encryption to secure the architecture of information systems, especially remote access. It can also be linked to IS security policies, to integrate microsegmentation and Zero Trust architecture.

Chimere encrypts communications between suppliers and internal systems, ensuring that data exchanges are protected even if they pass through unsecured networks.

  • Native end-to-end encryption
  • Native application micro-segmentation
  • Native Zero Trust architecture

Article 21.2.i.

Human resources security, access control policies, and asset management

This article concerns access management, human resources security, and asset management. It involves implementing strict access control policies and continuous identity verification.

Chimere allows you to restrict and control access by users and service providers to your information systems, with granular access control and centralized management of connected assets.

  • Granular access control for users and service providers
  • Access based on the principle of least privilege
  • Centralized management of connected assets

For all other points, we can still help you!

Qorum Secur'Num

Chimere is a partner of Qorum Secur'Num, the one-stop shop for cybersecurity and digital compliance. With more than 450 cyber experts on over 50 sites in France, Qorum Secur'Num can support you in all areas of your compliance process with the NIS 2 directive.

Summary

Article | Description | Expertise
21.2.a | Policies relating to risk analysis and information system security |
21.2.b | Incident management |
21.2.c | Business continuity, e.g. backup management and business recovery, and crisis management |
21.2.d | Supply chain security, including security aspects concerning the relationships between each entity and its direct suppliers or service providers |
21.2.e | Security of acquisition, development, and maintenance of networks and information systems, including vulnerability handling and disclosure |
21.2.f | Policies and procedures to assess the effectiveness of cybersecurity risk management measures |
21.2.g | Basic cyber hygiene practices and cybersecurity training |
21.2.h | Policies and procedures relating to the use of cryptography and, where appropriate, encryption |
21.2.i | Human resources security, access control policies, and asset management |
21.2.j | The use of multi-factor authentication or continuous authentication solutions, secure voice, video, and text communications, and secure emergency communication systems within the entity, as needed |

Chimere meets the requirement

Qorum Secur'Num and its partners meet the requirement