AD FastReporter - Online Manual

NIS2 Compliance Features

This section explains how to use AD FastReporter's specialized NIS2 compliance features to meet EU regulatory requirements.

What is NIS2 Compliance?

The Network and Information Security Directive 2 (NIS2) is an EU regulation that came into effect on October 17, 2024. It requires organizations in critical sectors to implement robust cybersecurity measures, including:

  • Access control management and user authentication policies
  • Multi-factor authentication implementation
  • Regular access reviews and audits
  • Incident detection and 24-hour reporting requirements
  • Supply chain access monitoring

AD FastReporter's NIS2 features help you maintain compliance through automated monitoring, specialized reports, and incident tracking.

Accessing the NIS2 Compliance Dashboard

To access the NIS2 compliance features:

  1. Click the "NIS2 Compliance" button in the main navigation
  2. The system will open the NIS2 Compliance Dashboard
  3. You'll see an overview of your current compliance status

Note: NIS2 compliance features are available in the Pro version only.

Understanding the NIS2 Dashboard

The NIS2 Compliance Dashboard provides real-time visibility into your Active Directory security posture with four main summary cards:

Critical Events Card

Shows the number of critical security events detected in the last 7 days that may require immediate attention or regulatory notification.

High Priority Events Card

Displays high-priority security events that need review but may not require immediate notification to authorities.

Pending Notifications Card

Tracks incidents that require notification within NIS2's 24-hour reporting deadline. This section shows:

  • Number of pending notifications requiring action
  • Time remaining until notification deadlines
  • Current status of each incident

Overall Compliance Status Card

Provides an overall assessment of your compliance health:

  • Compliant - All checks are up to date
  • Review Recommended - Some checks are due soon
  • Action Required - Critical checks are overdue

Working with Pending Notifications

When security events require regulatory notification, they appear in the Pending Notifications section:

Reviewing Pending Notifications

Each pending notification shows:

  • Time Left - Hours remaining until the 24-hour deadline
  • Status - Current notification status (Urgent, Soon, Pending, Overdue)
  • Severity - Critical, High, Medium, or Low
  • Category - Type of security event (Access Control, User Management, etc.)
  • Description - Details about the incident
  • Detected - When the event was first identified

Managing Notifications

For each pending notification, you can:

  1. Mark as Notified - Click "✅ Notified" when you've reported the incident to authorities
  2. Mark as No Action Required - Click "❌ No Action" if the incident doesn't meet the notification threshold

The system automatically tracks your actions and maintains an audit trail for compliance purposes.

Compliance Checks Grid

The main compliance grid shows all available NIS2 checks with their current status:

Understanding Check Status

  • 🟢 Compliant - Check completed within the last 30 days
  • 🟡 Due Soon - Check completed 20-30 days ago
  • 🔴 Overdue - Check not completed in over 30 days
  • ⚪ Never Checked - Check has never been run

Running Compliance Checks

To run a compliance check:

  1. Locate the check in the compliance grid
  2. Click the "Run Check" button in the Action column
  3. The system will open the appropriate NIS2 report
  4. Generate the report to update the compliance status

Pre-Built NIS2 Compliance Reports

AD FastReporter includes 10 specialized reports designed specifically for NIS2 compliance:

Access Control & Privileged Accounts

  • NIS2 - Privileged Accounts Audit - Lists all accounts with elevated privileges
  • NIS2 - Privileged Security Groups - Identifies security groups with administrative privileges
  • NIS2 - Administrative Groups Review - Reviews membership of Domain Admins, Enterprise Admins, and other critical groups
  • NIS2 - Users with Excessive Group Memberships - Identifies users with more than 50 group memberships

User & Identity Management

  • NIS2 - Inactive User Accounts (90+ days) - Finds dormant accounts that pose security risks
  • NIS2 - Orphaned Accounts - Identifies accounts without managers or with disabled managers
  • NIS2 - Service Accounts Audit - Reviews technical accounts requiring special security measures
  • NIS2 - Password Policy Non-Compliance - Finds accounts not meeting password requirements

Supply Chain & Asset Security

  • NIS2 - External Contractor Accounts - Tracks and audits vendor and contractor access
  • NIS2 - Computer Accounts Inactive (90+ days) - Identifies unused computer accounts
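
To spot-check report output independently, the following PowerShell applies three criteria stated in the report list above: inactivity of 90+ days, more than 50 group memberships, and accounts without managers or with disabled managers. It is an added example, not AD FastReporter's code or query logic; the helper names, the sample accounts, the choice to count direct memberships only, and the restriction to enabled accounts are assumptions.

```powershell
# Added example, not AD FastReporter code; Test-Nis2Account is a hypothetical helper.
function Test-Nis2Account {
    param(
        [Parameter(Mandatory)] [object[]] $Users,  # objects shaped like Get-ADUser output
        [datetime] $Now = (Get-Date),
        [int] $InactiveDays = 90,                  # "Inactive User Accounts (90+ days)"
        [int] $MaxGroups = 50                      # "more than 50 group memberships"
    )
    $cutoff = $Now.AddDays(-$InactiveDays)
    $byDn = @{}                                    # DN -> user, to resolve managers locally
    foreach ($u in $Users) { $byDn[$u.DistinguishedName] = $u }
    foreach ($u in ($Users | Where-Object Enabled)) {   # assumption: enabled accounts only
        $reasons = @()
        # LastLogonDate derives from lastLogonTimestamp, which replicates with a lag of
        # up to about 14 days by default: adequate for 90 days, not for short windows.
        if ($u.LastLogonDate) {
            if ($u.LastLogonDate -lt $cutoff) { $reasons += "inactive ${InactiveDays}+ days" }
        } elseif ($u.whenCreated -lt $cutoff) { $reasons += 'never logged on' }
        # MemberOf holds direct memberships only (no nesting, no primary group).
        $groups = ($u.MemberOf | Measure-Object).Count
        if ($groups -gt $MaxGroups) { $reasons += "more than $MaxGroups direct groups" }
        # A manager DN that is not a user object in $Users (e.g. a contact) is not flagged.
        if (-not $u.Manager) { $reasons += 'no manager' }
        elseif ($byDn.ContainsKey($u.Manager) -and -not $byDn[$u.Manager].Enabled) { $reasons += 'manager disabled' }
        if ($reasons) {
            [pscustomobject]@{ SamAccountName = $u.SamAccountName; DirectGroups = $groups
                               Reasons = $reasons -join '; ' }
        }
    }
}

# Constructed sample accounts. Against a live domain, pass this instead:
#   Get-ADUser -Filter * -Properties LastLogonDate, whenCreated, Manager, MemberOf
$ou = 'OU=Staff,DC=example,DC=test'
function New-SampleUser($Name, $Enabled, $LastLogon, $Manager, $GroupCount) {
    [pscustomobject]@{
        SamAccountName = $Name; DistinguishedName = "CN=$Name,$ou"; Enabled = $Enabled
        LastLogonDate = $LastLogon; whenCreated = [datetime]'2020-01-01'; Manager = $Manager
        MemberOf = @(1..$GroupCount | ForEach-Object { "CN=Group$_,$ou" })
    }
}
$sample = @(
    New-SampleUser 'old.mgr'    $false ([datetime]'2024-02-01') "CN=cio,$ou"     3
    New-SampleUser 'jdoe'       $true  ([datetime]'2025-01-20') "CN=old.mgr,$ou" 2
    New-SampleUser 'svc.legacy' $true  $null                    $null            1
    New-SampleUser 'asmith'     $true  ([datetime]'2024-09-01') "CN=cio,$ou"     51
)
Test-Nis2Account -Users $sample -Now ([datetime]'2025-01-31') | Format-Table -AutoSize
```

A mismatch with the tool's reports may reflect a different definition (nested versus direct memberships, disabled accounts included or not) rather than a missed account.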

Automated Monitoring and Alerts

The NIS2 system automatically monitors your Active Directory for compliance-related events:

Event Categorization

Events are automatically categorized by:

  • Severity - Critical, High, Medium, Low
  • Category - Access Control, User Management, Privileged Access, etc.
  • Notification Requirement - Whether the event requires regulatory notification

Automatic Alerting

When critical events are detected:

  • Email alerts are automatically sent to designated compliance officers
  • Events requiring notification are flagged for 24-hour deadline tracking
  • All events are logged for audit trail purposes

Refreshing Compliance Data

To update the compliance dashboard with the latest information:

  1. Click the "Refresh" button next to "Compliance Checks"
  2. The system will reload all compliance data
  3. Summary cards will update with current counts
  4. Check statuses will reflect the most recent report runs

Best Practices for NIS2 Compliance

To maintain effective NIS2 compliance:

Regular Monitoring Schedule

  • Daily - Check the NIS2 dashboard for new critical events
  • Weekly - Run privileged accounts and access control reports
  • Monthly - Execute inactive accounts and password compliance checks
  • Quarterly - Perform comprehensive access reviews

Incident Response

  • Review pending notifications immediately when they appear
  • Determine within 24 hours whether incidents require regulatory notification
  • Document all decisions in the compliance system
  • Maintain evidence of remediation actions taken

Documentation and Audit Trails

  • Export compliance reports regularly for record-keeping
  • Maintain historical reports showing compliance over time
  • Document the rationale for notification decisions
  • Keep evidence of corrective actions taken

Troubleshooting NIS2 Features

Common issues and solutions:

No Compliance Data Showing

  • Ensure you have Pro version licensing
  • Verify database migrations have been applied
  • Check that NIS2 reports are properly installed

Reports Not Running

  • Confirm you have appropriate Active Directory permissions
  • Check connection settings in the main application
  • Review the application log for specific error messages

Email Alerts Not Working

  • Verify SMTP settings in the Settings tab
  • Check that a default email recipient is configured
  • Test email settings using the test email function

For additional support with NIS2 compliance features, contact our support team with specific details about your configuration and any error messages encountered.



Copyright © Albus Bit SIA