
6.5 Security testing

6.5.1. The relevant entities shall establish, implement and apply a policy and procedures for security testing.

6.5.2. The relevant entities shall:

(a) establish, based on the risk assessment, the need, scope, frequency and type of security tests;
(b) carry out security tests according to a documented test methodology, covering the components identified as relevant for secure operation in a risk analysis;
(c) document the type, scope, time and results of the tests, including assessment of criticality and mitigating actions for each finding;
(d) apply mitigating actions in case of critical findings.

6.5.3. The relevant entities shall review and, where appropriate, update their security testing policies at planned intervals.

As of: 27.06.2024
