Regulatory & Policy Shifts (CISA, NIS2, DORA)
Key Questions
What recent actions has CISA taken on vulnerabilities and guidance?
CISA added SharePoint exploits to its Known Exploited Vulnerabilities catalog and urged network segmentation. It also issued new coordinated vulnerability disclosure guidance.
What are the key compliance deadlines and requirements under NIS2?
NIS2 takes effect in June 2026 with registration due by October. It mandates 24-72-30 hour incident reporting timelines and introduces executive liability for manufacturing sectors facing OT/IT convergence and supply chain risks.
How does DORA impact financial market infrastructures?
DORA drives compliance demand for financial entities by enforcing digital operational resilience standards. EU Digital Omnibus amendments add further nuances to these regulatory requirements.
CISA adds SharePoint exploits to KEV, urges segmentation, issues new CVD guidance. NIS2 compliance deadlines: June 2026 effective, October registration. Practical guidance for manufacturing (OT/IT convergence, supply chain, board accountability). NIS2 explained: 24-72-30 incident reporting, executive liability. Air-gapped MFA requirements in Germany. DORA for financial market infrastructures drives compliance demand. EU Digital Omnibus amendments add nuance. CISA KEV additions and CVD guidance from recent roundup.