Guidelines on assessing DSP security and OES compliance with the NISD security requirements

Back to all publications

Download

Publication date:November 28, 2018

This report presents the steps of an information security audit process for the OES compliance, as well as of a self-assessment/ management framework for the DSP security against the security requirements set by the NIS Directive. In addition, it provides an analysis of the most relevant information security standards and frameworks to support OES and DSP in practicing the above exercises in the most tailored and efficient manner.

Search related content with: NIS Directive Digital Service Providers (DSP)

Publication details

Related content

ENISA NIS Investments 2025 cover featuring the main sectors icons

NIS Investments 2025

The annual NIS Investments report presents the findings of a study conducted by ENISA to explore how cybersecurity policy
translates in practice across organisations in the EU and its effects on their investments, resources, and operations.

Cyber hygiene in the health sector illustration with medical staff, hospital, and cybersecurity icons, by ENISA

Cyber Hygiene in the Health Sector

This booklet, developed by ENISA, provides clear and targeted guidance with practical steps that health entities can take to:
-  Safeguard sensitive data
- Minimise exposure to common cyber threats-

ENISA report cover: "Telecom Security Incidents 2024", published July 2025, with cybersecurity-themed imagery.

Telecom Security Incidents 2024

The 2024 annual summary contains reports of 188 incidents submitted by national authorities from 26 EU Member States and 2 European Free

Cover page of an ENISA report titled 'Cybersecurity Roles and Skills for NIS2 Essential and Important Entities', featuring a person typing on a laptop with floating digital icons representing cybersecurity roles. The report is dated June 2025 and maps NIS2 obligations to the ECSF.

Cybersecurity roles and skills for NIS2 Essential and Important Entities

 ENISA in line with articles 6 and 10 of the Cybersecurity Act , prepared this guidance document on the skills and roles for the cybersecurity professionals needed to meet these legal requirements effectively.

BROWSE ALL PUBLICATIONS

4th ERA-ENISA Conference on Cybersecurity in Railways

2024 Oct 2

ENISA Telecom and Digital Infrastructure Security Forum 2025

2025 Mar 20

7th E.DSO/EE-ISAC/ENCS/ENISA Cybersecurity Forum

2024 Oct 1

ENISA Telecom Security Forum 2022

2022 Jun 29

BROWSE ALL EVENTS

What’s Driving Cybersecurity Investments and where lie the challenges?

Press Release

The 6th edition of the NIS Investments report reveals investments shifting from people to technology, talent shortages deepening, compliance and NIS2 driving action but implementation posing a challenge.

eHealth security in the spotlight: A good practice guide for a robust and resilient EU health sector

News Item

Unveiled on the sidelines of the 10th edition of the eHealth Security conference, the European Union Agency for Cybersecurity (ENISA) publishes a good practice guide to support entities of the health sector in strengthening their digital security.

Supporting NIS2 implementation through actionable guidance

Press Release

The EU Agency for Cybersecurity (ENISA) publishes a technical guideline for the security measures of the NIS2 Implementing Regulation to assist digital infrastructures and managed service providers.

Putting EU resilience to the test: ENISA handbook on cyber stress testing

News Item

The Handbook for Cyber Stress Testing aims to support national authorities in assessing the cybersecurity and resilience of critical sector entities.

BROWSE ALL NEWS