[
{
"control_id": "GV.OC-01",
"control_name": "Organizational context",
"regulation": "NIS2",
"articles": ["1", "2", "3"],
"coverage": "full",
"notes": "NIS2 Art 1-3 define scope and essential/important entity context"
},
{
"control_id": "GV.RM-01",
"control_name": "Risk management objectives",
"regulation": "NIS2",
"articles": ["20", "21"],
"coverage": "full",
"notes": "Art 20 governance, Art 21 risk-based cybersecurity measures"
},
{
"control_id": "GV.RR-01",
"control_name": "Organizational roles and responsibilities",
"regulation": "NIS2",
"articles": ["20"],
"coverage": "full",
"notes": "Art 20 requires management body approval and accountability"
},
{
"control_id": "GV.PO-01",
"control_name": "Cybersecurity policy",
"regulation": "NIS2",
"articles": ["21"],
"coverage": "full",
"notes": "Art 21(2)(a) explicitly requires policies on risks and information security"
},
{
"control_id": "GV.SC-01",
"control_name": "Supply chain risk management program",
"regulation": "NIS2",
"articles": ["21"],
"coverage": "full",
"notes": "Art 21(2)(d) explicitly requires supply chain security measures"
},
{
"control_id": "ID.AM-01",
"control_name": "Inventories of assets",
"regulation": "NIS2",
"articles": ["21"],
"coverage": "partial",
"notes": "Art 21 risk management measures imply an asset inventory"
},
{
"control_id": "ID.RA-01",
"control_name": "Vulnerabilities in assets are identified",
"regulation": "NIS2",
"articles": ["21"],
"coverage": "full",
"notes": "Art 21(2)(e) explicitly requires vulnerability handling and disclosure"
},
{
"control_id": "ID.RA-03",
"control_name": "Internal and external threats are identified",
"regulation": "NIS2",
"articles": ["21"],
"coverage": "full",
"notes": "Art 21(2)(a) requires policies on risk analysis and information security"
},
{
"control_id": "ID.RA-05",
"control_name": "Risk responses are identified",
"regulation": "NIS2",
"articles": ["21"],
"coverage": "full",
"notes": "Art 21(2) enumerates specific risk management measures"
},
{
"control_id": "PR.AA-01",
"control_name": "Identities and credentials for authorized users",
"regulation": "NIS2",
"articles": ["21"],
"coverage": "full",
"notes": "Art 21(2)(i) requires access control policies"
},
{
"control_id": "PR.AA-03",
"control_name": "Users and services are authenticated",
"regulation": "NIS2",
"articles": ["21"],
"coverage": "full",
"notes": "Art 21(2)(j) explicitly requires multi-factor or continuous authentication"
},
{
"control_id": "PR.AA-05",
"control_name": "Access permissions and authorizations are managed",
"regulation": "NIS2",
"articles": ["21"],
"coverage": "full",
"notes": "Art 21(2)(i) requires access control policies"
},
{
"control_id": "PR.AT-01",
"control_name": "Awareness and training provided",
"regulation": "NIS2",
"articles": ["20", "21"],
"coverage": "full",
"notes": "Art 20(2) requires management body training, Art 21(2)(g) basic cyber hygiene practices"
},
{
"control_id": "PR.DS-01",
"control_name": "Data-at-rest is protected",
"regulation": "NIS2",
"articles": ["21"],
"coverage": "full",
"notes": "Art 21(2)(h) explicitly requires encryption"
},
{
"control_id": "PR.DS-02",
"control_name": "Data-in-transit is protected",
"regulation": "NIS2",
"articles": ["21"],
"coverage": "full",
"notes": "Art 21(2)(h) requires cryptography and encryption policies"
},
{
"control_id": "PR.PS-01",
"control_name": "Configuration management practices established",
"regulation": "NIS2",
"articles": ["21"],
"coverage": "partial",
"notes": "Art 21(2) implies secure configuration as part of the risk management measures"
},
{
"control_id": "PR.IR-01",
"control_name": "Incident response plan exists",
"regulation": "NIS2",
"articles": ["21"],
"coverage": "full",
"notes": "Art 21(2)(b) explicitly requires incident handling"
},
{
"control_id": "DE.CM-01",
"control_name": "Networks and network services are monitored",
"regulation": "NIS2",
"articles": ["21"],
"coverage": "full",
"notes": "Art 21(2) requires security monitoring capabilities"
},
{
"control_id": "DE.AE-02",
"control_name": "Potentially adverse events are analyzed",
"regulation": "NIS2",
"articles": ["21", "23"],
"coverage": "full",
"notes": "Art 21(2)(b) incident handling, Art 23 incident analysis for notification"
},
{
"control_id": "RS.MA-01",
"control_name": "Incident response plan is executed",
"regulation": "NIS2",
"articles": ["21", "23"],
"coverage": "full",
"notes": "Art 21(2)(b) incident handling, Art 23 incident notification process"
},
{
"control_id": "RS.CO-02",
"control_name": "Incidents are reported internally",
"regulation": "NIS2",
"articles": ["23"],
"coverage": "full",
"notes": "Art 23's 24h early warning deadline requires prompt internal incident reporting"
},
{
"control_id": "RS.CO-03",
"control_name": "Information is shared with designated external parties",
"regulation": "NIS2",
"articles": ["23", "24"],
"coverage": "full",
"notes": "Art 23 notification to CSIRTs, Art 24 voluntary information sharing"
},
{
"control_id": "RC.RP-01",
"control_name": "Recovery plan is executed",
"regulation": "NIS2",
"articles": ["21"],
"coverage": "full",
"notes": "Art 21(2)(c) business continuity, backup management, disaster recovery"
},
{
"control_id": "RC.CO-03",
"control_name": "Recovery activities are communicated",
"regulation": "NIS2",
"articles": ["21", "23"],
"coverage": "full",
"notes": "Art 21(2)(c) crisis management, Art 23 final report on incident resolution"
}
]