The NIS2 Compliance Report is a dedicated PDF document designed to help organizations demonstrate compliance with the EU Network and Information Systems Directive 2 (NIS2). This is a Pro feature.
NIS2 is the EU cybersecurity directive that requires organizations operating critical infrastructure — including energy, transport, healthcare, finance, and digital services — to implement appropriate security measures and demonstrate regular risk assessment. Article 21 specifically addresses access control, identity management, and asset management, all of which relate to file system permissions.
Before generating a NIS2 report, you need a NIS2 Compliance Profile:
On the home screen, when NIS2 features are enabled (in Settings), the NIS2 Compliance Dashboard appears. It tracks:
NIS2 Profile Configuration — Whether you have a profile marked as a NIS2 Compliance Profile. Pass/Fail status.
Continuous Monitoring — How many automated monitoring tasks are configured. NIS2 expects regular assessments.
Incident Detection — Whether change detection emails have been sent in the last 30 days, indicating active monitoring.
The dashboard gives you a quick overview of your compliance posture without generating a full report.
There are two ways to generate a NIS2 Compliance Report:
From the home screen: Click the NIS2 report button. The application checks for a NIS2 profile and a recent audit. If the last audit is more than 30 days old, you’re prompted to run a fresh one — NIS2 recommends monthly assessments.
From the report view: After running an audit with a NIS2 profile, use the NIS2 Report export option in the “More Formats” dropdown. Choose a save location and the PDF is generated.
The NIS2 Compliance Report PDF contains:
Title and metadata — Report title, generation date, and audit period.
Executive Summary — Key metrics at a glance:
Risk Assessment Table — A structured assessment with four categories, each mapped to a specific NIS2 article:

| Risk category | What it measures | NIS2 article |
|---|---|---|
| Everyone / Authenticated Users Access | Folders accessible to overly broad groups | Art. 21 — Access Control |
| Disabled Account Access | Disabled AD accounts that still have permissions | Art. 21 — Identity Management |
| Orphaned SIDs | Unresolvable SIDs indicating deleted accounts with lingering access | Art. 21 — Asset Management |
| Excessive Permissions | Individual users with Full Control (violates least privilege) | Art. 21 — Least Privilege |

Each row shows the count of findings and the severity level (High or Medium).
The NIS2 report checks how recent the audit data is. If the audit is more than 30 days old, the application warns you and offers to run a fresh audit. Using stale data for compliance reporting undermines the purpose of regular assessments.
For best results, run the NIS2 audit immediately before generating the report, or use scheduled tasks to maintain a regular audit cadence.
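The following Python example is added here and is not the application's own code. It counts findings for the four risk categories in the Risk Assessment Table from a constructed permission export and applies the 30-day freshness check; the record fields (`sid`, `name`, `kind`, `enabled`, `rights`), paths, accounts and SIDs are assumptions.

```python
from collections import Counter
from datetime import date, timedelta

# Well-known SIDs: S-1-1-0 is Everyone, S-1-5-11 is Authenticated Users.
BROAD_SIDS = {"S-1-1-0", "S-1-5-11"}
MAX_AUDIT_AGE = timedelta(days=30)  # freshness window stated on this page

def classify(ace):
    """Return the risk categories (table row names) that one ACE falls into."""
    hits = []
    if ace["sid"] in BROAD_SIDS:
        hits.append("Everyone / Authenticated Users Access")
    if ace["name"] is None:
        # SID no longer resolves to an account: deleted principal, lingering access.
        return hits + ["Orphaned SIDs"]
    if ace["kind"] == "user":
        if not ace["enabled"]:
            hits.append("Disabled Account Access")
        if ace["rights"] == "FullControl":
            hits.append("Excessive Permissions")  # individual user, not a group
    return hits

def risk_counts(aces):
    """Count findings per category; one ACE can count in more than one row."""
    return Counter(cat for ace in aces for cat in classify(ace))

def audit_is_stale(audit_day, today):
    """True when the audit is more than 30 days old."""
    return today - audit_day > MAX_AUDIT_AGE

# Constructed sample export (hypothetical field names, paths, accounts, SIDs).
SAMPLE_ACES = [
    {"path": r"\\fs01\finance", "sid": "S-1-1-0", "name": "Everyone",
     "kind": "group", "enabled": True, "rights": "Modify"},
    {"path": r"\\fs01\finance", "sid": "S-1-5-21-1111-2222-3333-1104",
     "name": None, "kind": None, "enabled": None, "rights": "ReadAndExecute"},
    {"path": r"\\fs01\hr", "sid": "S-1-5-21-1111-2222-3333-1187",
     "name": r"CORP\jdoe", "kind": "user", "enabled": False, "rights": "FullControl"},
    {"path": r"\\fs01\hr", "sid": "S-1-5-21-1111-2222-3333-512",
     "name": r"CORP\Domain Admins", "kind": "group", "enabled": True, "rights": "FullControl"},
    {"path": r"\\fs01\public", "sid": "S-1-5-11", "name": "Authenticated Users",
     "kind": "group", "enabled": True, "rights": "Read"},
]

if __name__ == "__main__":
    for category, count in risk_counts(SAMPLE_ACES).items():
        print(f"{category}: {count}")
    print("audit stale:", audit_is_stale(date(2025, 1, 1), date(2025, 2, 5)))
```

In this sample the disabled account with Full Control is counted in two rows, while the group holding Full Control is not counted as an Excessive Permissions finding because the table limits that category to individual users.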
For comprehensive NIS2 compliance, combine the NIS2 Compliance Report with automated change detection:
This combination gives you both the periodic assessment and the continuous monitoring that NIS2 requires.