NIS2 Directive

21 rules checking EU NIS2 Directive (2022/2555) compliance for essential and important entities. NIS2 requires organizations to implement appropriate and proportionate technical measures for network and information system security.

Rule ID	Severity	NIS2 Reference	Category	Summary
NIS2-NET-001	HIGH	Art. 21(2)(h)	Insecure Protocols	Unencrypted protocol detected
NIS2-NET-002	CRITICAL	Art. 21(2)(g)	Deprecated Protocols	Deprecated or broken protocol detected
NIS2-NET-003	HIGH	Art. 21(2)(h,i)	Insecure Authentication	Insecure authentication protocol detected
NIS2-NET-010	CRITICAL	Art. 21(2)(a)	Overly Permissive	Any-to-any unrestricted traffic
NIS2-NET-011	CRITICAL	Art. 21(2)(i)	Overly Permissive	Overly broad source address
NIS2-NET-012	CRITICAL	Art. 21(2)(i)	Overly Permissive	Overly broad destination address
NIS2-NET-013	CRITICAL	Art. 21(2)(a)	Overly Permissive	All ports or wide port range allowed
NIS2-NET-014	HIGH	Art. 21(2)(a)	Overly Permissive	All protocols (ANY) allowed
NIS2-NET-020	CRITICAL	Art. 21(2)(a)	Network Segmentation	Direct internet-to-internal access
NIS2-NET-021	CRITICAL	Art. 21(2)(a,i)	Database Exposure	Database ports exposed from broad source
NIS2-NET-030	CRITICAL	Art. 21(2)(i,j)	Remote Access	Remote admin from external without VPN
NIS2-NET-031	HIGH	Art. 21(2)(i,j)	Administrative Access	Admin protocols from broad sources
NIS2-NET-032	CRITICAL	Art. 21(2)(a)	ICS/SCADA Isolation	ICS/SCADA protocols crossing zone boundaries
NIS2-NET-033	HIGH	Art. 21(2)(d)	Supply Chain Security	Unrestricted outbound to internet
NIS2-NET-034	CRITICAL	Art. 21(2)(a,i)	Container Exposure	Container/orchestration APIs exposed
NIS2-NET-035	CRITICAL	Art. 21(2)(a,i)	Out-of-Band Management	IPMI/BMC hardware control exposed
NIS2-NET-036	MEDIUM	Art. 21(2)(a)	DNS and Covert Channels	DNS as covert channel from internal segment
NIS2-NET-037	CRITICAL	Art. 21(2)(a,i)	Risky Service Exposure	High-risk service from broad source
NIS2-NET-038	HIGH	Art. 21(2)(i)	Administrative Access	Management traffic crossing untrusted segments
NIS2-NET-039	MEDIUM	Art. 21(2)(f)	Rule Documentation	No application name or business justification

NIST SP 800-53 DORA Regulation