Critical Infrastructure
Critical infrastructure operators — energy, transport, health, water, digital infrastructure — face significant regulatory pressure. NIS2 (in force since October 2024) obliges essential and important entities to implement comprehensive cybersecurity measures including strict access control.
NIS2 and critical infrastructure requirements
The NIS2 Directive (EU) 2022/2555 obliges “essential” and “important” entities in 18 sectors to implement fundamental cybersecurity measures. Art. 21 defines specific technical and organisational measures: mandatory MFA, privileged access policies, incident reporting within 24h (early warning) and 72h (report), and supply chain security measures.
NIS2 Sectors (selection): Energy (electricity, gas, oil, hydrogen), Transport (aviation, rail, road, maritime), Banking, Financial market infrastructures, Healthcare, Drinking water and wastewater, Digital infrastructure (DNS, TLD, data centres, cloud), ICT service management, Public administration.
NIS2-compliant PAM strategy
PAM Xpert supports critical infrastructure operators with NIS2-compliant securing of privileged access — in IT and OT environments.
