Network and Information Systems (NIS)

The EU Directive on the security of network and information systems (NIS) becomes UK law in May 2018.  This Directive places requirements on companies and organisations providing essential services in a number of critical national infrastructure sectors.  The Directive is concerned with the security and resilience of networks and IT systems.  NCSC’s website contains a number of pages of cyber security guidance on the implementation of the Directive, NCSC’s role and the support it will provide to companies required to comply.

There will be occasions when networks and IT systems are affected by factors relating to personnel and physical security.  CPNI has a range of published guidance on these security disciplines which may be of interest and use to companies preparing for NIS implementation; these include general measures on personnel security and more specific physical measures designed to protect sensitive information.