{"id":41051,"date":"2024-06-03T06:44:01","date_gmt":"2024-06-03T13:44:01","guid":{"rendered":"https:\/\/zpesystems.com\/?p=41051"},"modified":"2025-03-10T14:10:14","modified_gmt":"2025-03-10T21:10:14","slug":"nis2-compliance-zs","status":"publish","type":"post","link":"https:\/\/zpesystems.com\/nis2-compliance-zs\/","title":{"rendered":"NIS2 Compliance &#038; Requirements"},"content":{"rendered":"<p>[et_pb_section fb_built=&#8221;1&#8243; _builder_version=&#8221;4.17.4&#8243; _module_preset=&#8221;default&#8221; custom_margin=&#8221;0px||0px||false|false&#8221; custom_padding=&#8221;0px||0px||false|false&#8221; da_disable_devices=&#8221;off|off|off&#8221; global_colors_info=&#8221;{}&#8221; da_is_popup=&#8221;off&#8221; da_exit_intent=&#8221;off&#8221; da_has_close=&#8221;on&#8221; da_alt_close=&#8221;off&#8221; da_dark_close=&#8221;off&#8221; da_not_modal=&#8221;on&#8221; da_is_singular=&#8221;off&#8221; da_with_loader=&#8221;off&#8221; da_has_shadow=&#8221;on&#8221;][et_pb_row _builder_version=&#8221;4.17.4&#8243; _module_preset=&#8221;default&#8221; width=&#8221;100%&#8221; custom_margin=&#8221;0px||||false|false&#8221; custom_padding=&#8221;0px||||false|false&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.17.4&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_image src=&#8221;https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/NIS2-Compliance.jpg&#8221; alt=&#8221;NIS2 Compliance&#8221; title_text=&#8221;NIS2 Compliance&#8221; admin_label=&#8221;Image&#8221; _builder_version=&#8221;4.25.1&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221;][\/et_pb_image][et_pb_text _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; hover_enabled=&#8221;0&#8243; global_colors_info=&#8221;{}&#8221; sticky_enabled=&#8221;0&#8243;]<\/p>\n<p>NIS2 \u2013 an update of the EU\u2019s Network and Information Security Directive \u2013 seeks to enhance the cybersecurity level and resilience of EU member states. Compared to the original NIS, it significantly increases risk management, corporate accountability, business continuity, and reporting requirements. NIS2 became law in all EU member states on 17 October 2024, so affected organizations must take action to avoid fines and other penalties. This guide describes the 10 minimum cybersecurity requirements mandated by NIS2 and provides tips to simplify NIS2 compliance. <i>Citation: <\/i><a href=\"https:\/\/eur-lex.europa.eu\/eli\/dir\/2022\/2555\" target=\"_blank\" rel=\"noopener\"><i>Directive (EU) 2022\/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910\/2014 and Directive (EU) 2018\/1972, and repealing Directive (EU) 2016\/1148 (NIS 2 Directive)<\/i><\/a><\/p>\n<h2>Who does NIS2 apply to, and what are the consequences for noncompliance?<\/h2>\n<p>NIS2 applies to organizations providing services deemed \u201cessential\u201d or \u201cimportant\u201d to the European economy and society. <b>Essential Entities (EE)<\/b> generally have at least 250 employees, annual turnover of \u20ac50 million, or balance sheets of \u20ac43 million. Essential sectors include:<\/p>\n<ul>\n<li aria-level=\"1\">Energy<\/li>\n<li aria-level=\"1\">Transport<\/li>\n<li aria-level=\"1\"><a href=\"https:\/\/zpesystems.com\/solutions\/network-security-in-financial-services-zs\/\">Finance<\/a><\/li>\n<li aria-level=\"1\"><a href=\"https:\/\/zpesystems.com\/solutions\/government-secure-network-solutions-zs\/\">Public administration<\/a><\/li>\n<li aria-level=\"1\"><a href=\"https:\/\/zpesystems.com\/solutions\/healthcare-network-solutions-zs\/\">Health<\/a><\/li>\n<li aria-level=\"1\">Space<\/li>\n<li aria-level=\"1\">Water supply (drinking &amp; wastewater)<\/li>\n<li aria-level=\"1\">Digital infrastructure (e.g., <a href=\"https:\/\/zpesystems.com\/solutions\/hyperscale-cloud-providers\/\">cloud computing providers<\/a>)<\/li>\n<\/ul>\n<p><b>Important Entities (IE)<\/b> generally have at least 50 employees, annual turnover of \u20ac10 million, or balance sheets of \u20ac10 million. Important sectors include:<\/p>\n<ul>\n<li aria-level=\"1\">Postal services<\/li>\n<li aria-level=\"1\">Waste management<\/li>\n<li aria-level=\"1\">Chemicals<\/li>\n<li aria-level=\"1\">Research<\/li>\n<li aria-level=\"1\">Food<\/li>\n<li aria-level=\"1\"><a href=\"https:\/\/zpesystems.com\/operational-technology-security-zs\/\">Manufacturing<\/a> (e.g., medical devices and other equipment)<\/li>\n<li aria-level=\"1\"><a href=\"https:\/\/zpesystems.com\/data-center-orchestration-with-gen-3-oob-for-digital-services-providers-zs\/\">Digital providers<\/a> (e.g., social networks, online marketplaces)<\/li>\n<\/ul>\n<p>The NIS2 Directive outlines three types of penalties for noncompliance: non-monetary remedies, administrative fines, and criminal sanctions. Non-monetary remedies include things like compliance orders, binding instructions, security audit orders, and customer threat notification orders. Financial penalties for Essential Entities max out at \u20ac10 million or 2% of the global annual revenue, whichever is higher; for Important Entities, the maximum is \u20ac7 million or 1.4% of the global annual revenue, whichever is higher. NIS2 also directs member states to hold top management personally responsible for gross negligence in a cybersecurity incident, which could involve:<\/p>\n<ul>\n<li aria-level=\"1\">Ordering organizations to notify the public of compliance violations<\/li>\n<li aria-level=\"1\">Publicly identifying the people and\/or entities responsible for the violation<\/li>\n<li aria-level=\"1\">Temporarily banning an individual from holding management positions (EEs only)<\/li>\n<\/ul>\n<p>Even the nonfinancial penalties of NIS2 noncompliance can affect revenue by causing reputational damage and potential lost business, so it\u2019s crucial for IEs and EEs to be prepared when this directive takes effect in their state.<\/p>\n<h2>10 Minimum requirements for NIS2 compliance<\/h2>\n<p>The NIS2 directive requires essential and important entities to take \u201cappropriate and proportional\u201d measures to manage security and resilience risks and minimize the impact of incidents. It mandates an \u201call-hazards approach,\u201d which means creating a comprehensive business continuity framework that accounts for any potential disruptions, whether they be natural disasters, ransomware attacks, or anything in between. Organizations must implement \u201cat least\u201d the following requirements as a baseline for NIS2 compliance (click links for more info):<\/p>\n<p>[\/et_pb_text][et_pb_code _builder_version=&#8221;4.25.1&#8243; _module_preset=&#8221;default&#8221; locked=&#8221;off&#8221; global_colors_info=&#8221;{}&#8221;]<!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<div dir=\"ltr\" style=\"margin-left: 0pt;\" align=\"center\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<table style=\"border: none; border-collapse: collapse; table-layout: fixed;\">\n<colgroup>\n<col \/>\n<col \/><\/colgroup>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<tbody><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<tr style=\"height: 21pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; background-color: #214c64; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\" colspan=\"2\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<h3 dir=\"ltr\" style=\"line-height: 1.38; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14pt; color: #ffffff; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">10 NIS2 Compliance Requirements<\/span><\/h3>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/tr>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<tr style=\"height: 0pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; background-color: #008aab; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt; color: #ffffff; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">NIS2 Minimum Requirement<\/span><\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; background-color: #008aab; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt; color: #ffffff; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Implementation Tip<\/span><\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/tr>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<tr style=\"height: 0pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt; color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Maintain comprehensive <\/span><a style=\"text-decoration: none;\" href=\"#1\"><span style=\"font-size: 11pt; color: #1155cc; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;\">risk analysis and information system security policies<\/span><\/a><\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt; color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Keep policies in a centralized repository with version control to track changes and prevent unauthorized modifications.<\/span><\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/tr>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<tr style=\"height: 0pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt; color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Implement robust <\/span><a style=\"text-decoration: none;\" href=\"#2\"><span style=\"font-size: 11pt; color: #1155cc; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;\">security incident handling<\/span><\/a><span style=\"font-size: 11pt; color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\"> measures<\/span><\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt; color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Use AIOps to accelerate incident creation, triage, and root-cause analysis (RCA).<\/span><\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/tr>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<tr style=\"height: 0pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt; color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Establish <\/span><a style=\"text-decoration: none;\" href=\"#3\"><span style=\"font-size: 11pt; color: #1155cc; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;\">business continuity and crisis management<\/span><\/a><span style=\"font-size: 11pt; color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\"> strategies<\/span><\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt; color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Use out-of-band (OOB) management and isolated recovery environments (IREs) to minimize downtime and improve resilience.<\/span><\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/tr>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<tr style=\"height: 0pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt; color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Mitigate <\/span><a style=\"text-decoration: none;\" href=\"#4\"><span style=\"font-size: 11pt; color: #1155cc; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;\">supply chain security<\/span><\/a><span style=\"font-size: 11pt; color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\"> risks<\/span><\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt; color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Implement User and Entity Behavior Analytics (UEBA) to monitor third parties on the network.<\/span><\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/tr>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<tr style=\"height: 0pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt; color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Ensure <\/span><a style=\"text-decoration: none;\" href=\"#5\"><span style=\"font-size: 11pt; color: #1155cc; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;\">network and IT system security<\/span><\/a><span style=\"font-size: 11pt; color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\"> throughout acquisition, development, and maintenance<\/span><\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt; color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Use automated provisioning, vulnerability scanning, and patch management to reduce risks.<\/span><\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/tr>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<tr style=\"height: 51.75pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt; color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Perform regular <\/span><a style=\"text-decoration: none;\" href=\"#6\"><span style=\"font-size: 11pt; color: #1155cc; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;\">cybersecurity and risk-management assessments<\/span><\/a><\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt; color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Use artificial intelligence technology like large language models (LLMs) to streamline assessments.<\/span><\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/tr>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<tr style=\"height: 0pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt; color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Enforce <\/span><a style=\"text-decoration: none;\" href=\"#7\"><span style=\"font-size: 11pt; color: #1155cc; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;\">cybersecurity training<\/span><\/a><span style=\"font-size: 11pt; color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\"> requirements for all personnel<\/span><\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt; color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Simulate phishing emails and other social engineering attacks to prepare users for the real thing.<\/span><\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/tr>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<tr style=\"height: 0pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt; color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Implement <\/span><a style=\"text-decoration: none;\" href=\"#8\"><span style=\"font-size: 11pt; color: #1155cc; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;\">cryptography and, when necessary, encryption<\/span><\/a><\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt; color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Ensure all physical systems are protected by strong hardware roots of trust like TPM 2.0.<\/span><\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/tr>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<tr style=\"height: 0pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt; color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Establish secure <\/span><a style=\"text-decoration: none;\" href=\"#9\"><span style=\"font-size: 11pt; color: #1155cc; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;\">user access control and asset management<\/span><\/a><span style=\"font-size: 11pt; color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\"> practices\u00a0<\/span><\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt; color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Use zero-trust policies and controls to restrict privileges and limit lateral movement.<\/span><\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/tr>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<tr style=\"height: 0pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt; color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Use <\/span><a style=\"text-decoration: none;\" href=\"#10\"><span style=\"font-size: 11pt; color: #1155cc; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;\">multi-factor authentication (MFA) and encrypted communications<\/span><\/a><span style=\"font-size: 11pt; color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">\u00a0<\/span><\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/p>\n<td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><pee dir=\"ltr\" style=\"line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt; color: #000000; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Extend MFA to management interfaces and recovery systems to prevent compromise.<\/span><\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/td>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/tr>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/tbody>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/table>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><\/div>\n<p><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->[\/et_pb_code][et_pb_text _builder_version=&#8221;4.25.1&#8243; _module_preset=&#8221;default&#8221; text_font=&#8221;||||||||&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<h3 id=\"1\">1. Risk analysis and information system security policies<\/h3>\n<p>Organizations must create and update comprehensive policies covering cybersecurity risk analysis and overall IT system security practices. These policies should cover all the topics listed below and include specific consequences and\/or corrective measures for failing to follow the outlined processes.<\/p>\n<table style=\"height: 23px; background-color: #008aab;\">\n<tbody>\n<tr style=\"back-ground: #008aab;\">\n<td style=\"height: 23px; width: 1063px;\"><span style=\"color: #ffffff;\"><b>Tip: <\/b>Keeping all company policies in a centralized, version-controlled repository will help track updates over time and prevent anyone from making unauthorized changes.<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3 id=\"2\">2. Security incident handling<\/h3>\n<p>Entities must implement incident-handling tools and practices to help accelerate resolution and minimize the impact on end users and other essential or important services. This includes mechanisms for identifying problems, triaging according to severity, remediating issues, and notifying relevant parties. NIS2 outlines a specific timeline for reporting significant security incidents to the relevant authorities:<\/p>\n<ul>\n<li aria-level=\"1\"><b>Within 24 hours &#8211; <\/b>Entities must provide an early warning indicating whether they suspect an unlawful or malicious attack or whether it could have a cross-border impact.<\/li>\n<\/ul>\n<ul>\n<li aria-level=\"1\"><b>Within 72 hours &#8211; <\/b>Entities must update the relevant authorities with an assessment of the attack, including its severity, impact, and indicators of compromise.<\/li>\n<\/ul>\n<ul>\n<li aria-level=\"1\"><b>Within one month &#8211; <\/b>Organisations must submit a final report including a detailed description of the incident, the most likely root cause or type of threat, what mitigation measures were taken, and, if applicable, the cross-border impact. If the incident is still ongoing, entities must submit an additional report within one month of resolution.<\/li>\n<\/ul>\n<table style=\"background-color: #214c64;\">\n<tbody>\n<tr>\n<td><span style=\"color: #ffffff;\"><b>Tip: <\/b><span style=\"text-decoration: underline;\"><strong><a style=\"color: #ffffff; text-decoration: underline;\" href=\"https:\/\/zpesystems.com\/using-aiops-and-machine-learning-to-manage-automated-network-infrastructure-zs\/\">AIOps (artificial intelligence for IT operations)<\/a><\/strong><\/span> analyzes monitoring logs using machine learning to identify threat indicators and other potential issues that less sophisticated tools might miss. It can also generate, triage, and assign incidents, perform root-cause analysis (RCA) and other automated troubleshooting, and take other actions to streamline security incident handling.<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3 id=\"3\">3. Business continuity and crisis management<\/h3>\n<p>Essential and important entities must establish comprehensive business continuity and crisis management strategies to minimize service disruptions. These strategies should include <a href=\"https:\/\/zpesystems.com\/network-resilience-vs-redundancy-zs\/\">redundancies and backups<\/a> as part of a <a href=\"https:\/\/zpesystems.com\/network-resilience-zs\/\">resilience system<\/a> that can keep operations running, if in a degraded state, during major cybersecurity incidents. It\u2019s also crucial to maintain continuous access to management, troubleshooting, and recovery infrastructure during an attack.<\/p>\n<table style=\"height: 48px; background-color: #008aab;\">\n<tbody>\n<tr style=\"height: 48px;\">\n<td style=\"height: 48px; width: 1571px;\"><span style=\"color: #ffffff;\"><b>Tip: <\/b>Serial consoles with <span style=\"text-decoration: underline;\"><strong><a style=\"color: #ffffff; text-decoration: underline;\" href=\"https:\/\/zpesystems.com\/defining-oob-network-and-oob-management\/\">out-of-band (OOB) management<\/a><\/strong><\/span><strong> provide an alternative path to systems and infrastructure that doesn\u2019t rely on the production network, ensuring 24\/7 management and recovery access during outages and other major incidents. OOB serial consoles can also be used to create<\/strong> an <a style=\"color: #ffffff;\" href=\"https:\/\/zpesystems.com\/build-an-isolated-recovery-environment-zs\/\">i<span style=\"text-decoration: underline;\"><strong>solated recovery environment (IRE)<\/strong><\/span><\/a> where teams can safely restore and rebuild critical services without risking ransomware reinfection.<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3 id=\"4\">4. Supply chain security<\/h3>\n<p>Organizations must implement <a href=\"https:\/\/www.zpesystems.com\/supply-chain-security-risk-management-zs\/\">supply chain security risk management<\/a> measures to limit the risk of working with third-party suppliers. These include performing regular risk assessments based on the supplier\u2019s security and compliance history, applying zero-trust access control policies to third-party accounts, and keeping third-party software and dependencies up-to-date.<\/p>\n<table style=\"background-color: #214c64;\">\n<tbody>\n<tr>\n<td><span style=\"color: #ffffff;\"><b>Tip: <\/b>User and entity behavior analytics (UEBA) software uses machine learning to analyze account activity on the network and detect unusual behavior that could indicate compromise. It establishes baselines for normal behavior based on real user activity, reducing false positives and increasing detection accuracy even with vendors and contractors who operate outside of normal business hours and locations.<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3 id=\"5\">5. Secure network and IT system acquisition, development, and maintenance<\/h3>\n<p>Entities must ensure the security of network and IT systems during acquisition, development, and maintenance. This involves, among other things, inspecting hardware for signs of tampering before deployment, changing default settings and passwords on initial startup, performing code reviews on in-house software to check for vulnerabilities, and applying security patches as soon as vulnerabilities are discovered.<\/p>\n<table style=\"height: 47px; background-color: #008aab;\">\n<tbody>\n<tr style=\"height: 47px;\">\n<td style=\"height: 47px; width: 1571px;\"><span style=\"color: #ffffff;\"><b>Tip: <\/b>Automation can streamline many of these practices while reducing the risk of human error. For example,<strong><span style=\"text-decoration: underline;\"> <a style=\"color: #ffffff; text-decoration: underline;\" href=\"https:\/\/zpesystems.com\/zero-touch-deployment-cheat-sheet-zs\/\">zero-touch provisioning<\/a><\/span><\/strong> automatically configures devices as soon as they come online, reducing the risk of attackers compromising a system-default admin account. Automated vulnerability scanning tools can help detect security flaws in software and systems; automated patch management ensures third-party updates are applied as soon as possible.<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3 id=\"6\">6. Cybersecurity and risk-management assessments<\/h3>\n<p>Organizations must have a way to objectively assess their cybersecurity and risk-management practices and remediate any identified weaknesses. These assessments involve identifying all the physical and logical assets used by the company, scanning for potential threats, determining the severity or potential impact of any identified threats, taking the necessary mitigation steps, and thoroughly documenting everything to streamline any reporting requirements.<\/p>\n<table style=\"background-color: #214c64; height: 47px;\">\n<tbody>\n<tr style=\"height: 47px;\">\n<td style=\"height: 47px; width: 1571px;\"><span style=\"color: #ffffff;\"><b>Tip:<\/b> An AI-powered cybersecurity risk assessment tool uses large language models (LLMs) and other machine learning technology to automate assessments with greater accuracy than older solutions. These tools are often better at identifying novel threats than human assessors or signature-based detection methods, and they typically provide automated reporting to aid in NIS2 compliance.<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3 id=\"7\">7. Cybersecurity training<\/h3>\n<p>Essential and important entities must enforce cybersecurity training and basic security hygiene policies for all staff. This training should include information about the most common social engineering attacks, such as email phishing or vishing (voice phishing), compliant data handling practices, and how to securely create and manage account credentials.<\/p>\n<table style=\"background-color: #008aab;\">\n<tbody>\n<tr>\n<td><span style=\"color: #ffffff;\"><b>Tip: <\/b>Some cybersecurity training programs include attack simulations &#8211; such as fake phishing emails &#8211; to test trainees\u2019 knowledge and give them practice identifying social engineering attempts. These programs help companies identify users who need additional education and periodically reinforce what they have learned.<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3 id=\"8\">8. Cryptography and encryption<\/h3>\n<p>NIS2 requires organizations to use cryptography to protect systems and data from tampering. This includes encrypting sensitive data and communications when necessary.<\/p>\n<table style=\"background-color: #214c64;\">\n<tbody>\n<tr>\n<td><span style=\"color: #ffffff;\"><b>Tip: <\/b>Roots of Trust (RoTs) are hardware security mechanisms providing cryptographic functions, key management, and other important security features. RoTs are inherently trusted, so it\u2019s important to choose up-to-date solutions offering strong cryptographic algorithms, such as Trusted Platform Module (TPM) 2.0.<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3 id=\"9\">9. User access control and asset management<\/h3>\n<p>Entities must establish policies and procedures for employees accessing sensitive data, including least-privilege access control and secure asset management. This also includes mechanisms for revoking access and locking down physical assets when users violate safe data handling policies, or malicious outsiders compromise privileged credentials.<\/p>\n<table style=\"height: 47px; background-color: #008aab;\">\n<tbody>\n<tr style=\"height: 47px;\">\n<td style=\"height: 47px; width: 1571px;\"><span style=\"color: #ffffff;\"><strong>Tip:<\/strong> <a style=\"color: #ffffff;\" href=\"https:\/\/zpesystems.com\/what-is-zero-trust-security\/\"><strong>Zero<\/strong> <strong><span style=\"text-decoration: underline;\">trust security<\/span><\/strong><\/a><strong><span style=\"text-decoration: underline;\"> uses network micro-segmentation and highly specific security policies to protect sensitive resources. MFA and continuous authentication controls seek to re-establish trust each time a user requests access to a new resource, makin<\/span><\/strong>g it easier to catch malicious actors and preventing lateral movement on the network.<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3 id=\"10\">10. Multi-factor authentication (MFA) and encrypted communications<\/h3>\n<p>The final minimum requirement for NIS2 compliance is using multi-factor authentication (MFA) and continuous authentication solutions to verify identities, as described above. Additionally, entities must be able to encrypt voice, video, text, and internal emergency communications when needed.<\/p>\n<table style=\"background-color: #214c64; height: 47px;\">\n<tbody>\n<tr style=\"height: 47px;\">\n<td style=\"height: 47px; width: 1571px;\"><span style=\"color: #ffffff;\"><b>Tip: <\/b>MFA, continuous authentication, and other zero-trust controls should also extend to management interfaces, resilience systems, and isolated recovery environments to prevent malicious actors from compromising these critical resources. The best practice is to <a style=\"color: #ffffff;\" href=\"https:\/\/zpesystems.com\/why-network-resilience-requires-isolated-management-infrastructure\/\">isolate management interfaces<\/a> and resilience systems using OOB serial consoles to prevent lateral movement from the production network.<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>How ZPE streamlines NIS2 compliance<\/h2>\n<p>EU-based entities classified as essential or important have limited time to implement all the security policies, practices, and tools required for NIS2 compliance. Using vendor-neutral, multi-purpose hardware platforms to deploy new security controls can help reduce the hassle and expense, making it easier to meet the October deadline. For example, a <a href=\"https:\/\/zpesystems.com\/products\/data-center-solutions\/serial-consoles\/nodegrid-serial-console-plus\/\">Nodegrid serial console<\/a> from ZPE Systems combines out-of-band management, routing, switching, <a href=\"https:\/\/zpesystems.com\/solutions\/failover-connectivity\/\">cellular failover<\/a>, SSL VPN and secure tunnel capabilities, and <a href=\"https:\/\/zpesystems.com\/products\/environmental-sensors-zs\/\">environmental monitoring<\/a> in a single device. The vendor-neutral Nodegrid OS supports GuestOS and containers for any third-party software, including next-generation firewalls (NGFWs), <a href=\"https:\/\/zpesystems.com\/solutions\/sase-zs\/\">Secure Access Service Edge (SASE)<\/a>, automation tools like Puppet and Ansible, and UEBA. Nodegrid devices have strong hardware Roots of Trust with TPM 2.0, selectable encrypted cryptographic protocols and cipher suite levels, and configuration checksumTM. Plus, Nodegrid\u2019s <a href=\"https:\/\/zpesystems.com\/solutions\/remote-network-management\/out-of-band-serial-console-zs\/\">Gen 3 OOB<\/a> creates the perfect foundation for infrastructure isolation, resilience systems, and isolated recovery environments. [\/et_pb_text][et_pb_text admin_label=&#8221;CTA&#8221; _builder_version=&#8221;4.25.1&#8243; _module_preset=&#8221;default&#8221; text_text_color=&#8221;#FFFFFF&#8221; background_color=&#8221;#358AAF&#8221; custom_margin=&#8221;||||true|false&#8221; custom_padding=&#8221;30px|30px|30px|30px|true|true&#8221; locked=&#8221;off&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<h2><strong>Looking to Upgrade to a Nodegrid serial console? <\/strong><\/h2>\n<p><b>Looking to replace your discontinued, EOL serial console with a Gen 3 out-of-band solution? Nodegrid can expand your capabilities and manage your existing solutions from other vendors.<\/b> <a class=\"HSSTYLEDCTA\" href=\"https:\/\/zpesystems.com\/replace-discontinued-console-servers-with-zpe-systems-complete-products-services-solution\/\">Click here to learn more!<\/a> [\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This guide describes the 10 minimum cybersecurity requirements mandated by NIS2 and provides tips to simplify NIS2 compliance.<\/p>\n","protected":false},"author":5,"featured_media":41052,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","content-type":"","footnotes":""},"categories":[74,102,86,93,82,99,85,96,100,90],"tags":[],"class_list":["post-41051","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-application-hosting","category-increase-productivity","category-modernize-legacy-environments","category-network-automation","category-out-of-band-management","category-remote-network-management","category-sd-branch","category-sd-wan","category-streamline-deployments","category-vendor-neutral-platform"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.0 (Yoast SEO v26.0) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>NIS2 Compliance &amp; Requirements - ZPE Systems<\/title>\n<meta name=\"description\" content=\"This guide describes the 10 minimum cybersecurity requirements mandated by NIS2 and provides tips to simplify NIS2 compliance.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zpesystems.com\/nis2-compliance-zs\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"NIS2 Compliance &amp; Requirements\" \/>\n<meta property=\"og:description\" content=\"This guide describes the 10 minimum cybersecurity requirements mandated by NIS2 and provides tips to simplify NIS2 compliance.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zpesystems.com\/nis2-compliance-zs\/\" \/>\n<meta property=\"og:site_name\" content=\"ZPE Systems\" \/>\n<meta property=\"article:published_time\" content=\"2024-06-03T13:44:01+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-03-10T21:10:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/NIS2-Compliance.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1620\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Jordan Baker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jordan Baker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/zpesystems.com\/nis2-compliance-zs\/\",\"url\":\"https:\/\/zpesystems.com\/nis2-compliance-zs\/\",\"name\":\"NIS2 Compliance & Requirements - ZPE Systems\",\"isPartOf\":{\"@id\":\"https:\/\/zpesystems.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/zpesystems.com\/nis2-compliance-zs\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/zpesystems.com\/nis2-compliance-zs\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/NIS2-Compliance.jpg\",\"datePublished\":\"2024-06-03T13:44:01+00:00\",\"dateModified\":\"2025-03-10T21:10:14+00:00\",\"author\":{\"@id\":\"https:\/\/zpesystems.com\/#\/schema\/person\/822694040abba23b5253766566cd1567\"},\"description\":\"This guide describes the 10 minimum cybersecurity requirements mandated by NIS2 and provides tips to simplify NIS2 compliance.\",\"breadcrumb\":{\"@id\":\"https:\/\/zpesystems.com\/nis2-compliance-zs\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/zpesystems.com\/nis2-compliance-zs\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/zpesystems.com\/nis2-compliance-zs\/#primaryimage\",\"url\":\"https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/NIS2-Compliance.jpg\",\"contentUrl\":\"https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/NIS2-Compliance.jpg\",\"width\":1620,\"height\":1080,\"caption\":\"162984668\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/zpesystems.com\/nis2-compliance-zs\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/zpesystems.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"NIS2 Compliance &#038; Requirements\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/zpesystems.com\/#website\",\"url\":\"https:\/\/zpesystems.com\/\",\"name\":\"ZPE Systems\",\"description\":\"Rethink the Way Networks are Built and Managed\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/zpesystems.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/zpesystems.com\/#\/schema\/person\/822694040abba23b5253766566cd1567\",\"name\":\"Jordan Baker\",\"url\":\"https:\/\/zpesystems.com\/author\/jordan\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"NIS2 Compliance & Requirements - ZPE Systems","description":"This guide describes the 10 minimum cybersecurity requirements mandated by NIS2 and provides tips to simplify NIS2 compliance.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zpesystems.com\/nis2-compliance-zs\/","og_locale":"en_US","og_type":"article","og_title":"NIS2 Compliance & Requirements","og_description":"This guide describes the 10 minimum cybersecurity requirements mandated by NIS2 and provides tips to simplify NIS2 compliance.","og_url":"https:\/\/zpesystems.com\/nis2-compliance-zs\/","og_site_name":"ZPE Systems","article_published_time":"2024-06-03T13:44:01+00:00","article_modified_time":"2025-03-10T21:10:14+00:00","og_image":[{"width":1620,"height":1080,"url":"https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/NIS2-Compliance.jpg","type":"image\/jpeg"}],"author":"Jordan Baker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Jordan Baker","Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/zpesystems.com\/nis2-compliance-zs\/","url":"https:\/\/zpesystems.com\/nis2-compliance-zs\/","name":"NIS2 Compliance & Requirements - ZPE Systems","isPartOf":{"@id":"https:\/\/zpesystems.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/zpesystems.com\/nis2-compliance-zs\/#primaryimage"},"image":{"@id":"https:\/\/zpesystems.com\/nis2-compliance-zs\/#primaryimage"},"thumbnailUrl":"https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/NIS2-Compliance.jpg","datePublished":"2024-06-03T13:44:01+00:00","dateModified":"2025-03-10T21:10:14+00:00","author":{"@id":"https:\/\/zpesystems.com\/#\/schema\/person\/822694040abba23b5253766566cd1567"},"description":"This guide describes the 10 minimum cybersecurity requirements mandated by NIS2 and provides tips to simplify NIS2 compliance.","breadcrumb":{"@id":"https:\/\/zpesystems.com\/nis2-compliance-zs\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zpesystems.com\/nis2-compliance-zs\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zpesystems.com\/nis2-compliance-zs\/#primaryimage","url":"https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/NIS2-Compliance.jpg","contentUrl":"https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/NIS2-Compliance.jpg","width":1620,"height":1080,"caption":"162984668"},{"@type":"BreadcrumbList","@id":"https:\/\/zpesystems.com\/nis2-compliance-zs\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zpesystems.com\/"},{"@type":"ListItem","position":2,"name":"NIS2 Compliance &#038; Requirements"}]},{"@type":"WebSite","@id":"https:\/\/zpesystems.com\/#website","url":"https:\/\/zpesystems.com\/","name":"ZPE Systems","description":"Rethink the Way Networks are Built and Managed","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zpesystems.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/zpesystems.com\/#\/schema\/person\/822694040abba23b5253766566cd1567","name":"Jordan Baker","url":"https:\/\/zpesystems.com\/author\/jordan\/"}]}},"rttpg_featured_image_url":{"full":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/NIS2-Compliance.jpg",1620,1080,false],"landscape":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/NIS2-Compliance.jpg",1620,1080,false],"portraits":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/NIS2-Compliance.jpg",1620,1080,false],"thumbnail":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/NIS2-Compliance-150x150.jpg",150,150,true],"medium":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/NIS2-Compliance-300x200.jpg",300,200,true],"large":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/NIS2-Compliance-1024x683.jpg",1024,683,true],"1536x1536":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/NIS2-Compliance-1536x1024.jpg",1536,1024,true],"2048x2048":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/NIS2-Compliance.jpg",1620,1080,false],"et-pb-post-main-image":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/NIS2-Compliance-400x250.jpg",400,250,true],"et-pb-post-main-image-fullwidth":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/NIS2-Compliance-1080x675.jpg",1080,675,true],"et-pb-portfolio-image":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/NIS2-Compliance-400x284.jpg",400,284,true],"et-pb-portfolio-module-image":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/NIS2-Compliance-510x382.jpg",510,382,true],"et-pb-portfolio-image-single":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/NIS2-Compliance-1080x720.jpg",1080,720,true],"et-pb-gallery-module-image-portrait":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/NIS2-Compliance-400x516.jpg",400,516,true],"et-pb-post-main-image-fullwidth-large":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/NIS2-Compliance.jpg",1620,1080,false],"et-pb-image--responsive--desktop":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/NIS2-Compliance-1280x853.jpg",1080,720,true],"et-pb-image--responsive--tablet":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/NIS2-Compliance-980x653.jpg",827,551,true],"et-pb-image--responsive--phone":["https:\/\/zpesystems.com\/wp-content\/uploads\/2024\/05\/NIS2-Compliance-480x320.jpg",405,270,true]},"rttpg_author":{"display_name":"Jordan Baker","author_link":"https:\/\/zpesystems.com\/author\/jordan\/"},"rttpg_comment":0,"rttpg_category":"<a href=\"https:\/\/zpesystems.com\/category\/application-hosting\/\" rel=\"category tag\">Application Hosting<\/a> <a href=\"https:\/\/zpesystems.com\/category\/increase-productivity\/\" rel=\"category tag\">Increase Productivity<\/a> <a href=\"https:\/\/zpesystems.com\/category\/streamline-deployments\/modernize-legacy-environments\/\" rel=\"category tag\">Modernize Legacy Environments<\/a> <a href=\"https:\/\/zpesystems.com\/category\/increase-productivity\/network-automation\/\" rel=\"category tag\">Network Automation<\/a> <a href=\"https:\/\/zpesystems.com\/category\/remote-network-management\/out-of-band-management\/\" rel=\"category tag\">Out of Band Management<\/a> <a href=\"https:\/\/zpesystems.com\/category\/remote-network-management\/\" rel=\"category tag\">Remote Network Management<\/a> <a href=\"https:\/\/zpesystems.com\/category\/streamline-deployments\/sd-branch\/\" rel=\"category tag\">SD-Branch<\/a> <a href=\"https:\/\/zpesystems.com\/category\/improve-network-security\/sd-wan\/\" rel=\"category tag\">SD-WAN<\/a> <a href=\"https:\/\/zpesystems.com\/category\/streamline-deployments\/\" rel=\"category tag\">Streamline Deployments<\/a> <a href=\"https:\/\/zpesystems.com\/category\/simplify-branch-infrastructure\/vendor-neutral-platform\/\" rel=\"category tag\">Vendor Neutral Platform<\/a>","rttpg_excerpt":"This guide describes the 10 minimum cybersecurity requirements mandated by NIS2 and provides tips to simplify NIS2 compliance.","_links":{"self":[{"href":"https:\/\/zpesystems.com\/wp-json\/wp\/v2\/posts\/41051","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zpesystems.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zpesystems.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zpesystems.com\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/zpesystems.com\/wp-json\/wp\/v2\/comments?post=41051"}],"version-history":[{"count":9,"href":"https:\/\/zpesystems.com\/wp-json\/wp\/v2\/posts\/41051\/revisions"}],"predecessor-version":[{"id":227985,"href":"https:\/\/zpesystems.com\/wp-json\/wp\/v2\/posts\/41051\/revisions\/227985"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/zpesystems.com\/wp-json\/wp\/v2\/media\/41052"}],"wp:attachment":[{"href":"https:\/\/zpesystems.com\/wp-json\/wp\/v2\/media?parent=41051"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zpesystems.com\/wp-json\/wp\/v2\/categories?post=41051"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zpesystems.com\/wp-json\/wp\/v2\/tags?post=41051"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}