Professional Services

Platform developed and maintained by Fabrizio Salmi, independent consultant specializing in NIS2 Directive compliance and supply chain security.

For CISOs and compliance officers

NIS2 Readiness Assessment

Full gap analysis across all 10 sub-paragraphs (a)-(j) of Art. 21:

  • Mapping existing controls to regulatory requirements
  • Risk assessment with CVSS-based severity scoring
  • Prioritized remediation roadmap with effort and cost estimates
  • Board-ready compliance posture presentation
  • Support for Determina ACN 127434 baseline measures (Italy)

Private NIS2 Scan (white-label)

Complete infrastructure scan with executive reporting:

  • Full Art. 21 assessment
  • Certificate chain analysis with remediation priorities
  • DNS security audit (SPF, DMARC, DKIM, DNSSEC)
  • Port exposure analysis with risk classification
  • Deliverable: executive PDF report + technical findings spreadsheet

Incident Response (Art. 23 CSIRT)

Support for CSIRT notification within mandated deadlines:

  • Incident classification with EU taxonomy
  • Timeline reconstruction and evidence preservation
  • Notification drafting (24h early warning, 72h notification, final report)
  • Post-incident review and lessons learned

For NIS2 consultants and DPOs

Multi-tenant for consultants

Multi-organization architecture for managing multiple clients:

  • Complete data isolation per organization
  • Role-based access: admin, auditor, viewer
  • Aggregated dashboard to monitor all clients
  • Executive reports for client billing justification
  • CSV/PDF export for board presentations

Technical services

Certificate lifecycle management

TLS/SSL remediation with CertMate and CertMate-NG (private -- request access):

  • Certificate inventory and expiry tracking
  • Chain validation and intermediate certificate issues
  • Automated renewal pipeline setup (certbot, acme.sh)
  • OCSP and CT log monitoring
  • Key strength migration (RSA to ECDSA)

Continuous monitoring

Ongoing compliance assurance:

  • Scheduled weekly/monthly scans with trend analysis
  • Quarterly reports with score progression
  • Certificate expiry alerts (30/15/7-day warnings)
  • New vulnerability detection and prioritization

Platform customization

Dedicated deployments for specific needs:

  • Private on-premise or cloud deployment
  • Sector-specific scanner modules (healthcare, finance, energy)
  • Custom report templates with corporate branding
  • SIEM/SOAR/ticketing integration (Jira, ServiceNow)
  • MCP server configuration for AI-assisted workflows

Training

NIS2 and security training:

  • Board-level NIS2 overview (obligations, penalties, deadlines)
  • Technical security training for development and operations teams
  • Platform training for internal compliance officers

Commercial license

The platform is released under AGPL-3.0. For organizations that require a commercial license without copyleft obligations, dual licensing agreements are available.

Contact

Fabrizio Salmi

  • Email: fabrizio.salmi@gmail.com
  • GitHub: github.com/fabriziosalmi

Related tools: