Updated NIS 2 mapping for Essential and Important entities

What's new?

Scrut has re-engineered the NIS 2 Directive framework in the platform. The updated mapping removes broad Member State governance provisions and informational clauses that do not require direct organizational action, leaving only the obligations that apply to Essential and Important entities. Control and evidence mappings have also been fully reworked to improve clarity and traceability between European cybersecurity requirements and technical evidence.

Why was this needed?

The previous mapping included provisions that added complexity without driving compliance action, slowing down gap assessments and ongoing monitoring. This update transitions NIS 2 from a theoretical regulatory document into a practical security roadmap tailored for Essential and Important entities.

How it works

• Access the updated NIS 2 framework from the Frameworks module.

• Review the re-mapped controls, now aligned specifically to direct obligations for Essential and Important entities.

• Use the refined control and evidence architecture to trace requirements to technical outcomes with greater clarity.

• Run gap assessments against the streamlined scope to reduce time to initial readiness.

• Monitor ongoing compliance using a framework built around actionable, direct-impact requirements.

Need help?

Your Customer Success Manager (CSM) is always ready to help if you need assistance. Explore all recent product updates → View now.