NIS2 Technical Readiness Checklist

Scope A technical self-assessment for entities in scope of the NIS2 Directive (Directive (EU) 2022/2555). Each item is a thing a sysadmin can verify on a host now — a command output, a config flag, a file’s contents, an external scan result — not a policy approval or a named role. This is the box-level companion to nis2-infrastructure. That guide explains why each Article 21(2) measure matters and how to implement it; this checklist is the “is it actually configured?” layer. ...

8 min

Agentic AI Deployment Readiness Checklist

Scope Applies to any agentic AI system being deployed in a security operations context — vulnerability triage, log analysis, alert enrichment, ticket routing, control monitoring — where the system can take or recommend actions that have real consequences. This is a design-review checklist, not a hardening checklist. The items below ask “have you decided?”, “is it documented?”, “does it pass the test?” — not “what is the output of this command?”. Work top-to-bottom. Items reference the two long-form pieces in the ai-security series for the reasoning behind each control; this checklist is the “have I done it” layer. ...

6 min

NIS2 at the Infrastructure Layer

Applies to: EU-established entities that fall in scope of NIS2 as essential or important entities, and the infrastructure teams that serve them. This is not legal advice — it is an infrastructure-focused reading of Article 21’s risk-management measures, intended to be operationally useful. Use it alongside formal legal review, not instead of it. Why this matters NIS2 — the Network and Information Security Directive, Directive (EU) 2022/2555 — is the regulation a lot of sysadmins are told to “comply with” without ever being told what that means at the level of files, configurations, and procedures. The directive is short by EU standards and intentionally outcome-focused: it lists ten risk-management measure areas in Article 21(2) and asks each entity to implement “appropriate and proportionate” measures in each. ...

8 min