ThreatLocker and the NIS 2 Directive

3 min. read | Last update: 06.09.2023



In December 2022, Directive (EU) 2022/2555 (NIS 2) was published in the Official Journal of the European Union. Article 21 of the NIS 2 Directive outlines cybersecurity risk-management measures that essential and important entities must implement. For more information about NIS 2, please visit:

When configured correctly, ThreatLocker can assist in fulfilling the requirements of NIS 2. We have done our best to outline below the areas where the ThreatLocker Endpoint Protection Platform can help. Where a measure isn’t listed, ThreatLocker does not currently support it.

NIS 2 Article 21 Summary 

“The measures shall be based on an ‘all-hazards approach’ that aims to protect network and information systems and the physical environment of those systems from incidents, and shall include ‘at least’ the following:”

“(e) security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure;”

ThreatLocker can assist with maintaining a secure network. 

  • Network Control is a centrally managed endpoint firewall. It allows total control of inbound traffic to protected devices, based on IP addresses, specific keywords, agent authentication, or dynamic ACLs, using a simple server-client connection. Ports are automatically opened on demand and remain invisible to unauthorized devices.

“(g) basic cyber hygiene practices and cybersecurity training;”

ThreatLocker can assist with basic cyber hygiene practices. 

  • ThreatLocker Allowlisting creates and maintains a list of software in the environment, blocking all new software by default. Eliminate shadow IT, as all new software will require approval. 
  • ThreatLocker Configuration Manager allows setting security policies for all protected devices without being joined to the domain. Enforce password complexity, length, and age. 
  • ThreatLocker Allowlisting and Ringfencing provide strong protection against known and unknown threats, including malware and ransomware. 
  • ThreatLocker Network Control is a powerful endpoint and server firewall that keeps ports closed and opens them on demand for authorized access. 
  • ThreatLocker Elevation Control eliminates the need to provide users with local admin credentials and instead automatically elevates applications that require it.

“(h) policies and procedures regarding the use of cryptography and, where appropriate, encryption;”

ThreatLocker can assist with enforcing encryption procedures. 

  • ThreatLocker Storage Control can enforce encryption of removable storage devices. 
  • ThreatLocker Configuration Manager can send an alert if full-disk encryption is not enabled on protected devices.

“(i) human resources security, access control policies and asset management;”

ThreatLocker can assist with access control. 

  • Allowlisting can be used to control which users can use applications. 
  • Storage Control can control which users can access data storage locations. 
  • Network Control can control which devices are permitted to connect to network resources. 
  • Elevation Control can be used to eliminate local admin accounts and instead elevate applications that require admin privileges without the need for admin credentials. 
  • Combine Elevation Control with Ringfencing to prevent elevated apps from being abused to pivot and run other non-elevated applications with elevated privileges.