Industries

Critical Infrastructure

Critical infrastructure operators — energy, transport, health, water, digital infrastructure — face significant regulatory pressure. NIS2 (in force since October 2024) obliges essential and important entities to implement comprehensive cybersecurity measures including strict access control.

NIS2 for critical infrastructure

NIS2 and critical infrastructure requirements

The NIS2 Directive (EU) 2022/2555 obliges “essential” and “important” entities in 18 sectors to implement fundamental cybersecurity measures. Art. 21 defines specific technical and organisational measures: mandatory MFA, privileged access policies, incident reporting within 24h (early warning) and 72h (report), and supply chain security measures.

NIS2 Sectors (selection): Energy (electricity, gas, oil, hydrogen), Transport (aviation, rail, road, maritime), Banking, Financial market infrastructures, Healthcare, Drinking water and wastewater, Digital infrastructure (DNS, TLD, data centres, cloud), ICT service management, Public administration.

Critical Infrastructure

NIS2-compliant PAM strategy

PAM Xpert supports critical infrastructure operators with NIS2-compliant securing of privileged access — in IT and OT environments.