How to fulfill the requirement

NIS2 Directive

23.1: Incident notifications to CSIRT and recipients of services

Task name: The step-by-step process of notification of incidents to the authorities
Theme: Incident management
Policy: Incident management and response
Other requirements: 6 requirements

This task also fulfills these other security requirements:

  • 23.1: Incident notifications to CSIRT and recipients of services (NIS2)
  • Article 19: Reporting of major ICT-related incidents and voluntary notification of significant cyber threats (DORA)
  • 11 §: Incident notifications to the authority (KyberTL)
  • 12 §: Interim report on the incident (KyberTL)
  • 13 §: Final report on the incident (KyberTL)

1. Task description

The organization informs the authority defined in the legislation (CSIRT) without delay about disturbances that have significantly affected the provision of its services. 

A disturbance is significant when at least one of the following applies:

  • the disturbance may cause serious disruption in the operation of services or serious financial losses for the service provider
  • the disturbance may cause significant material or immaterial damage to related people or other organizations

Notifications are made in stages, as described below. In addition, while the disruption is ongoing, the organization must deliver the status updates requested by the authority.

Early warning (at the latest within 24 hours of detecting the disruption)

  • whether the cause is suspected to be illegal activity
  • whether the disruption can have effects on other countries

More detailed notification of disruption (at the latest within 72 hours of detecting the disruption)

  • previous information is updated
  • the current assessment of the disturbance, its severity and effects is given
  • possible evidence of the leakage is listed

Final report (at the latest within 1 month of the incident report)

  • a detailed description of the incident, including its severity and effects
  • type of threat or root cause that likely triggered the event
  • applied and ongoing mitigation measures
  • potential impact on other countries

Task name: Incident notifications for users of own services
Theme: Incident management
Policy: Incident management and response
Other requirements: 4 requirements

This task also fulfills these other security requirements:

  • 23.1: Incident notifications to CSIRT and recipients of services (NIS2)
  • 14 §: Notifying parties other than the authority of an incident and a cyber threat (KyberTL)

1. Task description

If it is appropriate from the point of view of the service provided by the organization, the organization will notify the users of its services without delay of significant disruptions that are likely to negatively affect the delivery of the services in question. 

A disruption is significant when at least one of the following applies:

  • the disruption can cause a serious disturbance in the operation of services or serious financial losses for the service provider
  • the disruption can cause significant material or non-material damage to related people or other organizations

Task name: Keeping contact with relevant authorities
Theme: Partner management
Policy: Agreements and monitoring
Other requirements: 10 requirements

This task also fulfills these other security requirements:

  • 6.1.3: Contact with authorities (ISO27 Full)
  • RC.CO-1: Public relations (NIST)
  • 5.5: Contact with authorities (ISO27k1 Full)
  • 23.1: Incident notifications to CSIRT and recipients of services (NIS2)
  • CC2.3: Communication with external parties (SOC 2)

1. Task description

The organization lists the relevant government actors with whom it is important to maintain active contact and, if necessary, to get in touch quickly. These authorities include national law enforcement and supervisory authorities.

A clear contact person should be defined for the relevant authorities to act as a contact point for the organization.
