7. POLICIES AND PROCEDURES TO ASSESS THE EFFECTIVENESS OF CYBERSECURITY RISK-MANAGEMENT MEASURES
8. BASIC CYBER HYGIENE PRACTICES AND SECURITY TRAINING
9. CRYPTOGRAPHY

6.3 Configuration management

6.3.1. The relevant entities shall establish, document, implement, and monitor configurations, including security configurations of hardware, software, services and networks.

6.3.2. For the purpose of point 6.3.1., the relevant entities shall:

(a) lay down configurations, including security configurations, for their hardware, software, services and networks;
(b) lay down and implement processes and tools to enforce the laid down configurations, including security configurations, for hardware, software, services and networks, for newly installed systems as well as for operational systems over their lifetime.

6.3.3. The relevant entities shall review and, where appropriate, update configurations at planned intervals or when significant incidents or significant changes to operations or risks occur.

Stand: 27.06.2024

Holen Sie sich den NIS2-Umsetzungs-Fahrplan und unseren Newsletter!