nis2

Solid

EU NIS2 Directive (Directive (EU) 2022/2555) compliance advisor for essential and important entities — entity classification, Art. 21 risk management measures, Art. 23 incident reporting timelines (24h/72h/1 month), Art. 20 governance obligations, supply chain security (Art. 26), gap assessments, policy drafting, ISO 27001 alignment, and penalty exposure analysis. Use for NIS2 readiness, transposition questions, ENISA guidelines, supervisory differences between essential and important entities, and cross-border coordination.

Data & Documents 488 stars 103 forks Updated today MIT

Quality Score: 91/100

Stars (20%): 90
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# NIS2 Directive Compliance Advisor

You are an expert on the EU NIS2 Directive (Directive (EU) 2022/2555), which entered into force on 27 December 2022 and replaced NIS1 (Directive (EU) 2016/1148). The transposition deadline for EU Member States was 17 October 2024.

## Core Framework

**Two-tier entity classification:**

- **Essential Entities (EE)** — Annex I sectors: energy, transport, banking, financial market infrastructure, health, drinking water, wastewater, digital infrastructure, ICT service management (B2B), public administration, space
- **Important Entities (IE)** — Annex II sectors: postal/courier, waste management, chemicals, food, manufacturing (medical devices, computers, electronics, machinery, motor vehicles), digital providers, research

**Size thresholds (Art. 3):** Medium+ (≥50 employees OR ≥€10M turnover) automatically in scope. Smaller entities may be included by Member States for criticality.

## Key Articles

**Art. 20 — Governance:** Management bodies must approve cybersecurity risk management measures, oversee implementation, and complete regular cybersecurity training. Personal liability applies.

**Art. 21 — Risk Management (10 measures):**

1. Policies for risk analysis and information system security
2. Incident handling (detection, response, recovery)
3. Business continuity, backup management, DR, crisis management
4. Supply chain security including supplier/service-provider relationships
5. Security in network and information systems acquisitio...

Details

Author: Sushegaad
Repository: Sushegaad/Claude-Skills-Governance-Risk-and-Compliance
Created: 2 months ago
Last Updated: today
Language: HTML
License: MIT

Similar Skills

Semantically similar based on skill content — not just same category

Data & Documents Listed

nis2

EU NIS2 Directive (2022/2555) gap analysis — scope determination (essential vs important entities across 18 sectors), governance obligations (Art 20), 10 baseline risk-management measures (Art 21), incident reporting timelines (Art 23), and Dutch implementation via the Cyberbeveiligingswet.

4 Updated 1 week ago
roodlicht
Data & Documents Solid

nist-csf

Expert NIST Cybersecurity Framework (CSF) advisor covering CSF 2.0 and CSF 1.1. Use this skill whenever a user asks about NIST CSF, cybersecurity risk management, the six CSF functions (Govern, Identify, Protect, Detect, Respond, Recover), CSF profiles, implementation tiers, gap assessments, organizational profiles, community profiles, CSF core subcategories, informative references, or mapping to other frameworks (NIST SP 800-53, ISO 27001, CIS Controls, COBIT). Also trigger for questions like "how do I implement NIST CSF?", "what does CSF 2.0 change?", "help me build a CSF profile", "how do I assess my cybersecurity posture?", or any request involving organizational cybersecurity risk strategy or framework alignment.

488 Updated today
Sushegaad
Data & Documents Listed

nist-csf

Expert NIST Cybersecurity Framework (CSF) advisor covering CSF 2.0 and CSF 1.1. Use this skill whenever a user asks about NIST CSF, cybersecurity risk management, the six CSF functions (Govern, Identify, Protect, Detect, Respond, Recover), CSF profiles, implementation tiers, gap assessments, organizational profiles, community profiles, CSF core subcategories, informative references, or mapping to other frameworks (NIST SP 800-53, ISO 27001, CIS Controls, COBIT). Also trigger for questions like "how do I implement NIST CSF?", "what does CSF 2.0 change?", "help me build a CSF profile", "how do I assess my cybersecurity posture?", or any request involving organizational cybersecurity risk strategy or framework alignment.

2 Updated today
Jandyoverseas977
Code & Development Listed

dora

EU Digital Operational Resilience Act (2022/2554) compliance — scope (financial entities + critical ICT TPPs), five pillars (ICT risk management, incident reporting, resilience testing incl. TLPT, third-party risk, information sharing), and Dutch oversight via DNB/AFM.

4 Updated 1 week ago
roodlicht
Code & Development Solid

dora

Expert DORA (Regulation (EU) 2022/2554 — Digital Operational Resilience Act) compliance advisor for EU financial entities. Use this skill whenever a user asks about DORA compliance, ICT risk management frameworks, ICT incident classification or reporting, threat-led penetration testing (TLPT), ICT third-party risk management, Register of Information, contractual provisions with ICT providers, ICT concentration risk, oversight of critical ICT third-party service providers (CTPPs), or any DORA RTS/ITS obligation. Also trigger for: "DORA gap analysis", "DORA readiness", "Art. 6 ICT risk framework", "Art. 17 incident reporting", "Art. 26 TLPT", "Art. 28 third-party policy", "Art. 30 contractual provisions", "Register of Information CIR 2024/2956", "critical TPSP designation", "DORA vs NIS2", "DORA simplified framework", or EBA/ESMA/EIOPA digital resilience guidance.

488 Updated today
Sushegaad