How Tenable Helps

While the above steps can help you begin to navigate the complexities that this new directive brings, an effective exposure management program helps organisations gain visibility across the modern attack surface, focuses efforts to prevent likely attacks, and accurately communicates cyber risk, supporting optimal business performance.

Tenable products provide useful detection and collection tools that identify and inventory the network, identify the attack surface, and provide the ability to communicate the findings to executive leadership and operation teams on a single platform. As assets on the network are inventoried, the exposure management team is able to gain visibility across the network and clearly identify the modern attack surface. This allows the asset owners and support teams to focus efforts to prevent the most likely attacks, and to accurately communicate cyber risk to executive leadership.

This study covers the methods used by Tenable products to support and guide customers in the following areas:

  1. Vulnerability Management: Tenable's solutions help organisations identify and address vulnerabilities in their network and information systems. This is crucial for complying with NIS 2, which requires organisations to implement measures to manage and mitigate cyber risks.

  2. Risk Assessment: Conducting risk assessments and evaluating the effectiveness of the organisation's cybersecurity risk management measures.

  3. Continuous Monitoring: Leveraging different scanner capabilities to continuously monitor the network and supporting systems, and provide information needed for an effective incident response initiative.

  4. Incident Detection and Response: The data collected from is often leveraged as evidence of malicious activity or as timeline artefacts used during the incident response investigation. Additionally, by identifying the attack surface, customers are able to establish risk mitigation strategies and avoid incidents altogether.

  5. Compliance and Reporting: The reporting and analysis tools provide organisations the ability to demonstrate compliance with various cybersecurity regulations.

  6. Security Hygiene Practices: The ability to quickly identify the state of the organisation's cyber hygiene is crucial in establishing and maintaining the NIS 2 certification.

  7. Identity and Access Control: The framework to ensure that the right users have the appropriate access to the organisation's resources.

This document also helps organisations map NIS 2 to other standards, specifically ISA/IEC 62443, ISO 27001, and NIST CSF, by presenting corresponding cross-reference information. This document provides readers with a set of key points in each topic area. The following mapping serves as guidance:

Many organisations already comply with ISO 27001. ISO 27001 is an international standard that is widely used across the world. The standard was also referred to in the ENISA official guidelines. While the concepts change with NIS 2, the recommended information security standards and control frameworks will likely not change dramatically. For this reason, this guide includes specific cross-reference information between the NIS 2 articles and ISO 27001, NIST CSF, and ISA/IEC 62443.

The cross-reference includes the following information:

  • The article name.

  • SECURITY DOMAIN — The primary Cyber Security Domain.

  • SECURITY SUB-DOMAIN — The secondary Cyber Security Domain.

  • SECURITY MEASURE — The action that needs to be taken.

  • CROSS REFERENCES — Cross-references to ISO 27001, NIST CSF, and ISA/IEC 62443.

  • Relevant Tenable information to assist and provide guidance.