A NIS Directive compliant Cybersecurity Maturity Assessment Framework
This work addresses cybersecurity compliance for operators of essential services and digital service providers under the NIS Directive, but it is incremental, as it adapts existing assessment concepts to specific regulatory requirements.
The paper tackles the need for assessing compliance with the NIS Directive's cybersecurity obligations by developing a tailored cybersecurity maturity assessment framework (CMAF) that serves as a self-assessment tool for critical infrastructures and an audit tool for authorities.
The NIS Directive introduces obligations for the security of the network and information systems of operators of essential services and of digital service providers, and requires the national competent authorities to assess their compliance with these obligations. This paper describes a novel cybersecurity maturity assessment framework (CMAF) that is tailored to the NIS Directive requirements and can be used either as a self-assessment tool by critical national infrastructures or as an audit tool by the National Competent Authorities for cybersecurity.