Guidance

The NIS Guidance Collection

Created:  28 Jan 2018
Updated:  19 Jul 2018
VERSION 1.0.1 (19 July 2018) Changelog

Introduction

The EU Directive on the security of Network and Information Systems (NIS) was approved in August 2016, giving Member States 21 months to embed the Directive into their respective national laws. The government laid new regulations on the Security of Network and Information Systems in the Houses of Parliament on 20th April 2018, and the Directive comes into force on 10th May 2018.

All organisations deemed by the NIS Competent Authorities to be 'Operators of Essential Services' will be affected by the introduction of the Directive. The pages below are intended to assist the Competent Authorities and the OES to meet some of the Directive requirements.

You should work your way through the pages below in sequence. This will give you a picture of overall NIS Directive security requirements and also the best understanding of how to use our guidance. For definitive information on the role that our NIS guidance will play in your sector please consult your NIS Competent Authority.

NIS Guidance

  1. Introduction to the NIS Directive

    Details on who is affected, the role of the NCSC, and how to comply. Start here if you are in any doubt.

  2. NIS Directive: Top-level objectives

    Statements of the NIS objectives, with links to associated principles and guidance.

  3. Table view of principles and related guidance

    A tabular breakdown of the Objectives, principles and underlying guidance.

  4. NIS Directive - Cyber Assessment Framework

    The first version of the CAF, consisting of a collection of Indicators of Good Practice

Was this guidance helpful?

We need your feedback to improve this content.

Yes No