7. POLICIES AND PROCEDURES TO ASSESS THE EFFECTIVENESS OF CYBERSECURITY RISK-MANAGEMENT MEASURES
8. BASIC CYBER HYGIENE PRACTICES AND SECURITY TRAINING
9. CRYPTOGRAPHY

13.3 Perimeter and physical access control

13.3.1. For the purpose of Article 21(2)(i) of Directive (EU) 2022/2555, the relevant entities shall prevent and monitor unauthorised physical access, damage and interference to their network and information systems.

13.3.2. For that purpose, the relevant entities shall:

(a) on the basis of the risk assessment, lay down and use security perimeters to protect areas where network and information systems and other associated assets are located;
(b) protect the areas referred to in point (a) by appropriate entry controls and access points;
(c) design and implement physical security for offices, rooms and facilities,
(d) continuously monitor their premises for unauthorised physical access.

13.3.3. The relevant entities shall test, review and, where appropriate, update the physical access control measures on a regular basis or following significant incidents or significant changes to operations or risks.

Stand: 27.06.2024

Holen Sie sich den NIS2-Umsetzungs-Fahrplan und unseren Newsletter!