12.1 Asset classification

12.1.1. For the purpose of Article 21(2), point (i) of Directive (EU) 2022/2555, the relevant entities shall lay down classification levels of all information and assets in scope of their network and information systems for the level of protection required.

12.1.2. For the purpose of point 12.1.1., the relevant entities shall:

(a) lay down a system of classification levels for information and assets;
(b) associate all information and assets with a classification level, based on confidentiality, integrity, authenticity and availability requirements, to indicate the protection required according to their sensitivity, criticality, risk and business value;
(c) align the availability requirements of the information and assets with the delivery and recovery objectives set out in their business and disaster recovery plans.

12.1.3. The relevant entities shall conduct periodic reviews of the classification levels of information and assets and update them, where appropriate.

As of: 27.06.2024
