Compliance Mapping

REGULATORY COMPLIANCE.

Industrial control security standards demand continuous, safe asset discovery. Explore how Solapse aligns with international regulatory frameworks without compromising system stability.

European Union (EU)

NIS2 Directive

European Union Critical Infrastructure Protection Directive

Enforcement Timeline: October 2024 (local implementation deadlines)

The Network and Information Security (NIS2) Directive establishes a high baseline of cybersecurity across critical sectors in Europe, replacing the legacy 2016 NIS framework with expanded scopes and stricter accountability.

Who is Affected

  • Essential Entities (EE): Energy, transport, water, banking, healthcare, and digital infrastructure (operators with >250 employees or >€50M turnover).
  • Important Entities (IE): Waste management, manufacturing, chemicals, food, postal services, and research (>50 employees or >€10M turnover).

Penalties of Non-Compliance

  • Essential Entities: Fines up to €10,000,000 or 2% of total global annual turnover, whichever is higher.
  • Important Entities: Fines up to €7,000,000 or 1.4% of total global annual turnover, whichever is higher.
  • Executive Liability: Personal administrative liability for C-level executives for cybersecurity risk management failures.

Technical Mandates & Mapping

1. Article 21.2(a) - Risk Analysis & Information Security

Regulatory requirement

Maintain a verified, continuous operational inventory of all IT, OT, and network nodes to support active risk management policies.

Solapse alignment

Solapse automatically discovers, fingerprints, and catalogs OT and IoT hardware, creating an active asset register with zero dependency on manual inputs.

2. Article 21.2(d) - Supply Chain Risk Management

Regulatory requirement

Evaluate vulnerabilities and verify security baselines for third-party contractor hardware, modules, and shadow devices inside the network perimeter.

Solapse alignment

Solapse identifies rogue nodes, unknown controller modules, and third-party technician laptops immediately upon connection, mapping them to active CVE catalogs.

3. Article 21.2(e) - Operational Safety & Vulnerability Scanning

Regulatory requirement

Establish continuous auditing and vulnerability discovery capabilities across production networks without threatening operational uptime.

Solapse alignment

Solapse's deterministic protocol-aware scanning respects device cycle times, querying assets safely without the risk of PLC buffer overflows or network crashes.

Compliance Comparison Matrix

Mapping organizational controls across framework structures.

Control Area | NIS2 (EU) | IEC 62443 (Global) | NERC CIP (US) | Solapse Capability
Asset Inventory | Continuous, verified inventory required under Article 21. | Classified inventory mapped to zone boundaries. | Mandatory identification of all BES Cyber Assets. | Continuous, agentless scanning maps new hardware automatically.
Vulnerability Auditing | Continuous risk mapping and CVE matching. | Mandatory component security verification. | Annual vulnerability assessment (CIP-007). | Safe native protocol queries fetch vulnerability state without downtime.
Zone Isolation | Boundary isolation under risk policies. | Strict logical zone segmentation (IEC 62443-3-2). | Electronic Security Perimeter (ESP) boundary rules. | Audits network routes, validating that Purdue zones are isolated.
Supply Chain Risk | Verify third-party vendor hardware safety. | Audit integrator configurations and setups. | Manage vendor risk and software patches. | Instantly flags unauthorized modules or vendor laptops.

Check Compliance Readiness

Take a 5-step assessment to verify compliance gaps against NIS2, IEC 62443, and NERC CIP, and identify any active PLC safety hazards in your scanning setup.