Nis2 Compliance Monitor
Verified by Dryade Daemon
Requires enterprise tier subscription
Description
NIS2 cybersecurity compliance monitoring: risk assessment, incident reporting against the 24-hour / 72-hour / one-month Article 23 deadlines, supply chain audit, gap analysis, board reporting
NIS2 Compliance Monitor Documentation
Overview
The nis2_compliance_monitor module provides monitoring, assessment, and reporting tools for compliance with NIS2 (Directive (EU) 2022/2555, the Network and Information Security Directive 2). It enables organizations to track compliance status, manage risk assessments, handle incident reporting, conduct supply chain audits, perform gap analysis, and generate board-level reports.
Key Features
- Risk Assessment: Evaluate and score security risks across infrastructure
- Incident Reporting: Track, categorize, and report security incidents
- Supply Chain Audit: Monitor third-party and vendor security compliance
- Gap Analysis: Identify compliance gaps and remediation needs
- Board Reporting: Generate executive-level compliance reports
- Compliance Tracking: Monitor ongoing compliance with NIS2 requirements
- Audit Trails: Maintain detailed logs of all compliance activities
Installation
Prerequisites
- Python 3.8 or higher
- pip package manager
- Database support (PostgreSQL recommended for production)
Basic Installation
pip install nis2-compliance-monitor
Installation from Source
git clone https://github.com/your-org/nis2-compliance-monitor.git
cd nis2-compliance-monitor
pip install -e .
Dependencies
Core dependencies are automatically installed:
- sqlalchemy>=1.4.0 - Database ORM
- pydantic>=1.9.0 - Data validation
- python-dateutil>=2.8.2 - Date utilities
- requests>=2.28.0 - HTTP client
- cryptography>=38.0.0 - Security utilities
Optional Dependencies
For enhanced features:
pip install nis2-compliance-monitor[postgres] # PostgreSQL support
pip install nis2-compliance-monitor[reporting] # Advanced reporting
pip install nis2-compliance-monitor[api] # REST API server
Configuration
Environment Variables
export NIS2_DATABASE_URL="postgresql://user:password@localhost/nis2_db"
export NIS2_API_KEY="your-api-key"
export NIS2_ENVIRONMENT="production" # development, staging, production
export NIS2_LOG_LEVEL="INFO" # DEBUG, INFO, WARNING, ERROR
export NIS2_REPORT_FORMAT="pdf" # pdf, html, json
The values above are placeholders. NIS2_DATABASE_URL embeds the database password and NIS2_API_KEY is a credential: supply both from a secrets manager or a file kept outside version control, not from a committed shell profile or a committed nis2_config.yaml.
Configuration File
Create nis2_config.yaml:
database:
  url: "postgresql://user:password@localhost/nis2_db"
  pool_size: 10
  echo: false # true logs every SQL statement and its parameters; leave false outside development
compliance:
  framework: "nis2"
  assessment_frequency: "quarterly"
  risk_threshold: 7 # 1-10 scale
incident_management:
  auto_escalate_critical: true
  notification_channels:
    - email
    - slack
    - webhook
supply_chain:
  vendor_assessment_interval: 180 # days
  require_soc2: true
  require_iso27001: false
reporting:
  board_report_frequency: "monthly"
  include_metrics:
    - risk_score
    - incident_count
    - compliance_percentage
    - remediation_status
Python Configuration
from nis2_compliance_monitor import ComplianceManager, Config
config = Config(
database_url="postgresql://user:password@localhost/nis2_db",
environment="production",
log_level="INFO",
risk_threshold=7,
)
manager = ComplianceManager(config)
Usage
Basic Usage
from nis2_compliance_monitor import ComplianceManager, Asset
# Initialize manager (see Configuration; a Config object may be passed explicitly)
manager = ComplianceManager()
# Register an asset; register_asset returns the new asset ID
asset = Asset(
    name="Web Server 01",
    asset_type="server",
    criticality="high",
    location="primary_datacenter"
)
asset_id = manager.register_asset(asset)
# Create risk assessment
assessment = manager.create_risk_assessment(
    asset_id=asset_id,
    vulnerability_count=3,
    exposure_level="medium"
)
# Get compliance status
status = manager.get_compliance_status()
print(f"Compliance Score: {status.score}%")
print(f"Risk Level: {status.risk_level}")
Risk Assessment Workflow
from nis2_compliance_monitor import Vulnerability
# Create assessment
risk_assessment = manager.create_risk_assessment(
    asset_id="asset-001",
    assessment_date="2026-03-28",
    assessor="John Doe"
)
# Add vulnerabilities
vuln1 = Vulnerability(
    cve_id="CVE-2026-1234",
    severity="high",
    cvss_score=8.5,
    remediation_status="pending"
)
risk_assessment.add_vulnerability(vuln1)
# Score risk (1-10 scale; compare against compliance.risk_threshold in the config)
score = risk_assessment.calculate_risk_score()
manager.update_risk_assessment(risk_assessment)
Incident Management
from nis2_compliance_monitor import Incident, IncidentSeverity
# Report incident; report_incident returns the new incident ID.
# discovered_date is when the organization became aware of the incident,
# which is the point the NIS2 24-hour and 72-hour reporting clocks start.
incident = Incident(
    title="Unauthorized Access Attempt",
    description="Multiple failed login attempts detected",
    severity=IncidentSeverity.MEDIUM,
    affected_asset_id="asset-001",
    discovered_date="2026-03-28T10:30:00Z"
)
incident_id = manager.report_incident(incident)
# Update incident status
manager.update_incident_status(
    incident_id=incident_id,
    new_status="investigating",
    notes="Escalated to security team"
)
# Get incident statistics
stats = manager.get_incident_statistics(days=30)
print(f"Total Incidents (30d): {stats.total_count}")
print(f"Critical Incidents: {stats.critical_count}")
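The 24h/72h/one-month figures in the description are the Article 23 reporting deadlines of Directive (EU) 2022/2555: an early warning within 24 hours of becoming aware of a significant incident, an incident notification within 72 hours of becoming aware, and a final report no later than one month after the incident notification was submitted. The block below is an added example, not code from nis2-compliance-monitor, showing how to compute those deadlines from a discovery timestamp like the discovered_date above and flag reports that are overdue or were filed late. It uses only the standard library; the ReportingRecord class and the sample timestamps are constructed for the example.

```python
"""NIS2 Article 23 reporting clock for a significant incident.

Added example: this is not code from nis2-compliance-monitor. It uses only the
standard library, and the incident record in demo() is constructed.
Deadlines follow Directive (EU) 2022/2555, Art. 23(4): early warning within
24 h of becoming aware, incident notification within 72 h of becoming aware,
final report no later than one month after the incident notification was
submitted.
"""
import calendar
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional

EARLY_WARNING = timedelta(hours=24)
INCIDENT_NOTIFICATION = timedelta(hours=72)


def add_one_month(ts: datetime) -> datetime:
    """ts plus one calendar month, clamped to the last day of the target month
    (31 Jan -> 28 Feb in a non-leap year)."""
    year = ts.year + ts.month // 12
    month = ts.month % 12 + 1
    day = min(ts.day, calendar.monthrange(year, month)[1])
    return ts.replace(year=year, month=month, day=day)


@dataclass
class ReportingRecord:
    """When the organisation became aware, and when each report was actually sent."""
    aware_at: datetime
    early_warning_sent: Optional[datetime] = None
    notification_sent: Optional[datetime] = None
    final_report_sent: Optional[datetime] = None

    def deadlines(self) -> Dict[str, datetime]:
        notification_due = self.aware_at + INCIDENT_NOTIFICATION
        # The one-month clock starts at *submission* of the 72 h notification.
        # Until it is submitted, plan against the latest permissible submission.
        final_anchor = self.notification_sent or notification_due
        return {
            "early_warning": self.aware_at + EARLY_WARNING,
            "incident_notification": notification_due,
            "final_report": add_one_month(final_anchor),
        }

    def status(self, now: datetime) -> Dict[str, str]:
        """Per step: submitted, submitted_late, overdue, or due_in_<hours>h."""
        sent = {
            "early_warning": self.early_warning_sent,
            "incident_notification": self.notification_sent,
            "final_report": self.final_report_sent,
        }
        result = {}
        for step, due in self.deadlines().items():
            sent_at = sent[step]
            if sent_at is not None:
                result[step] = "submitted_late" if sent_at > due else "submitted"
            elif now > due:
                result[step] = "overdue"
            else:
                hours_left = int((due - now).total_seconds() // 3600)
                result[step] = f"due_in_{hours_left}h"
        return result


def demo() -> Dict[str, str]:
    """Constructed record: aware 28 Mar 10:30Z (the discovered_date used above),
    early warning sent the same evening, 72 h notification still not filed
    when checked on 31 Mar 12:00Z."""
    utc = timezone.utc
    record = ReportingRecord(
        aware_at=datetime(2026, 3, 28, 10, 30, tzinfo=utc),
        early_warning_sent=datetime(2026, 3, 28, 20, 0, tzinfo=utc),
    )
    return record.status(datetime(2026, 3, 31, 12, 0, tzinfo=utc))


if __name__ == "__main__":
    for step, state in demo().items():
        print(f"{step:22s} {state}")
```

Two details matter in practice: the final-report clock is anchored to when the 72-hour notification was actually submitted, not to discovery, so the function falls back to the 72-hour deadline only while the notification is still outstanding; and "one month" is a calendar month, so the month arithmetic clamps to month end rather than adding 30 days.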
Supply Chain Audit
from nis2_compliance_monitor import Vendor, VendorAssessment
# Register vendor; register_vendor returns the new vendor ID
vendor = Vendor(
    name="CloudProvider Inc",
    vendor_type="infrastructure",
    contract_start="2025-01-01",
    contract_end="2027-12-31"
)
vendor_id = manager.register_vendor(vendor)
# Create assessment
assessment = manager.create_vendor_assessment(
    vendor_id=vendor_id,
    assessment_type="security_controls",
    assessor="compliance_team"
)
# Evaluate vendor; evidence_url should point at the artefact actually reviewed
assessment.add_control_evaluation(
    control_id="SC-001",
    control_name="Data Encryption",
    compliance_status="compliant",
    evidence_url="https://vendor.example.com/certifications"
)
manager.save_vendor_assessment(assessment)
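The supply_chain settings in the configuration (vendor_assessment_interval: 180, require_soc2: true, require_iso27001: false) describe a recurring check rather than a one-off assessment: each vendor must be reassessed within the interval and must hold current evidence for every required certification. As an added example that is not part of nis2-compliance-monitor, the code below applies those settings to a constructed vendor list and reports which vendors need reassessment or lack current evidence. The VendorRecord fields last_assessed and certifications, and the vendor names, are assumptions made for the example.

```python
"""Which vendors are due for reassessment under the supply_chain settings.

Added example: not code from nis2-compliance-monitor. The vendor records are
constructed, and the `last_assessed` and `certifications` fields are
assumptions; the configuration dictionary mirrors the supply_chain block of
nis2_config.yaml above.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple

SUPPLY_CHAIN_CONFIG = {
    "vendor_assessment_interval": 180,  # days between assessments
    "require_soc2": True,
    "require_iso27001": False,
}

CRITICALITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass
class VendorRecord:
    name: str
    criticality: str
    contract_end: date
    last_assessed: Optional[date] = None
    # certification -> expiry of the evidence held (attestation report / certificate)
    certifications: Dict[str, date] = field(default_factory=dict)


def required_certifications(config: Dict[str, object]) -> List[str]:
    """Translate the require_* flags into the list of evidence that must be current."""
    flags = {"soc2": config["require_soc2"], "iso27001": config["require_iso27001"]}
    return [cert for cert, required in flags.items() if required]


def review_vendors(vendors: List[VendorRecord], today: date,
                   config: Dict[str, object] = SUPPLY_CHAIN_CONFIG) -> List[Tuple[str, List[str]]]:
    """Return (vendor name, reasons) for every in-contract vendor that needs attention,
    most critical vendors first."""
    interval = timedelta(days=int(config["vendor_assessment_interval"]))
    required = required_certifications(config)
    findings = []
    for vendor in sorted(vendors, key=lambda v: CRITICALITY_ORDER.get(v.criticality, 99)):
        if vendor.contract_end < today:
            continue  # expired contract: an offboarding item, not a reassessment
        reasons = []
        if vendor.last_assessed is None:
            reasons.append("never assessed")
        elif today - vendor.last_assessed > interval:
            age = (today - vendor.last_assessed).days
            reasons.append(f"last assessed {age}d ago (interval {interval.days}d)")
        for cert in required:
            expiry = vendor.certifications.get(cert)
            if expiry is None:
                reasons.append(f"no {cert} evidence on file")
            elif expiry < today:
                reasons.append(f"{cert} evidence expired {expiry.isoformat()}")
        if reasons:
            findings.append((vendor.name, reasons))
    return findings


def demo(today: date = date(2026, 3, 28)) -> List[Tuple[str, List[str]]]:
    """Constructed vendor list; names and dates are illustrative."""
    vendors = [
        VendorRecord("CloudProvider Inc", "critical", date(2027, 12, 31),
                     last_assessed=date(2025, 9, 1),
                     certifications={"soc2": date(2026, 6, 30)}),
        VendorRecord("Payroll SaaS", "high", date(2026, 12, 31),
                     last_assessed=date(2026, 1, 10),
                     certifications={"soc2": date(2026, 1, 31)}),
        VendorRecord("Managed SOC", "critical", date(2027, 6, 30),
                     last_assessed=date(2026, 2, 15),
                     certifications={"soc2": date(2026, 12, 31), "iso27001": date(2027, 1, 1)}),
        VendorRecord("Legacy Hosting", "medium", date(2025, 12, 31),
                     last_assessed=None),
        VendorRecord("Print Shop", "low", date(2026, 9, 30)),
    ]
    return review_vendors(vendors, today)


if __name__ == "__main__":
    for name, reasons in demo():
        print(f"{name}: {'; '.join(reasons)}")
```

Vendors whose contract has already ended are skipped rather than reported, since they belong to offboarding, and findings are ordered by criticality so the list starts with the vendors that matter most. Flipping require_iso27001 to true in the config dictionary immediately adds a finding for every vendor without current ISO 27001 evidence, which is the behaviour a reviewer should expect from that setting.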
Gap Analysis
from nis2_compliance_monitor import GapAnalysis
# Perform gap analysis
gap_analysis = manager.perform_gap_analysis(
    framework="nis2",
    focus_area="incident_response"
)
# Review findings
for gap in gap_analysis.gaps:
    print(f"Gap: {gap.requirement}")
    print(f"Current State: {gap.current_state}")
    print(f"Required State: {gap.required_state}")
    print(f"Priority: {gap.priority}")
    print(f"Estimated Effort: {gap.estimated_effort_hours}h\n")
# Create remediation plan
plan = manager.create_remediation_plan(gap_analysis)
manager.track_remediation(plan)
Board Reporting
from nis2_compliance_monitor import ReportFormat
# Generate board report
report = manager.generate_board_report(
    reporting_period="Q1 2026",
    format=ReportFormat.PDF,
    include_sections=[
        "executive_summary",
        "compliance_metrics",
        "risk_dashboard",
        "incident_summary",
        "remediation_progress",
        "recommendations"
    ]
)
# Save report
report.save("board_report_q1_2026.pdf")
# Get executive metrics
metrics = manager.get_executive_metrics()
print(f"Overall Compliance: {metrics.compliance_percentage}%")
print(f"Critical Risks: {metrics.critical_risk_count}")
print(f"Open Incidents: {metrics.open_incident_count}")
API Reference
ComplianceManager
Main class for managing NIS2 compliance operations.
Methods
__init__(config: Config)
- Initialize the compliance manager
- Parameters:
config(Config) - Configuration object
register_asset(asset: Asset) -> str
- Register a new asset for monitoring
- Returns: Asset ID
create_risk_assessment(asset_id: str, **kwargs) -> RiskAssessment
- Create a risk assessment for an asset
- Returns: RiskAssessment object
report_incident(incident: Incident) -> str
- Report a security incident
- Returns: Incident ID
update_incident_status(incident_id: str, new_status: str, notes: str)
- Update incident status and add notes
- Raises: IncidentNotFound
register_vendor(vendor: Vendor) -> str
- Register a vendor/third-party
- Returns: Vendor ID
create_vendor_assessment(vendor_id: str, **kwargs) -> VendorAssessment
- Create vendor security assessment
- Returns: VendorAssessment object
perform_gap_analysis(framework: str, focus_area: str = None) -> GapAnalysis
- Perform compliance gap analysis
- Returns: GapAnalysis object
create_remediation_plan(gap_analysis: GapAnalysis) -> RemediationPlan
- Create remediation plan from gap analysis
- Returns: RemediationPlan object
generate_board_report(**kwargs) -> Report
- Generate executive board report
- Returns: Report object
get_compliance_status() -> ComplianceStatus
- Get current compliance status
- Returns: ComplianceStatus object
get_executive_metrics() -> ExecutiveMetrics
- Get high-level metrics for executives
- Returns: ExecutiveMetrics object
get_incident_statistics(days: int = 30) -> IncidentStats
- Get incident statistics for period
- Returns: IncidentStats object
Asset
Represents a monitored asset.
Attributes:
- id: str - Unique identifier
- name: str - Asset name
- asset_type: str - Type (server, network, application, etc.)
- criticality: str - Criticality level (low, medium, high, critical)
- location: str - Physical or logical location
- owner: str - Asset owner
- created_date: datetime - Creation date
Incident
Represents a security incident.
Attributes:
- id: str - Unique identifier
- title: str - Incident title
- description: str - Detailed description
- severity: IncidentSeverity - Severity level (low, medium, high, critical)
- affected_asset_id: str - Related asset ID
- status: str - Current status (reported, investigating, resolved)
- discovered_date: datetime - Discovery date
- resolved_date: datetime - Resolution date (if applicable)
Vendor
Represents a third-party vendor.
Attributes:
- id: str - Unique identifier
- name: str - Vendor name
- vendor_type: str - Type of vendor (cloud, infrastructure, software, etc.)
- contract_start: date - Contract start date
- contract_end: date - Contract end date
- contact_person: str - Primary contact
- assessment_status: str - Latest assessment status
RiskAssessment
Risk evaluation for an asset.
Methods:
- add_vulnerability(vulnerability: Vulnerability) - Add vulnerability
- calculate_risk_score() -> float - Calculate overall risk score (1-10)
- get_vulnerabilities() -> List[Vulnerability] - Get all vulnerabilities
GapAnalysis
Compliance gap analysis results.
Attributes:
- id: str - Analysis ID
- framework: str - Compliance framework
- gaps: List[Gap] - List of identified gaps
- completion_date: datetime - Analysis completion date
Report
Generated compliance report.
Methods:
- save(filepath: str, format: str = None) - Save report to file
- get_html() -> str - Get HTML version
- get_json() -> dict - Get JSON version
Examples
Complete Compliance Workflow
from nis2_compliance_monitor import ComplianceManager, Config
# 1. Initialize
config = Config(
    database_url="postgresql://localhost/nis2_db",
    environment="production"
)
manager = ComplianceManager(config)
# 2. Register assets (keys match the Asset attributes)
assets = [
    {"name": "Web Server", "asset_type": "server", "criticality": "high"},
    {"name": "Database Server", "asset_type": "server", "criticality": "critical"},
    {"name": "Firewall", "asset_type": "network", "criticality": "critical"},
]
for asset_data in assets:
    asset = manager.create_asset(**asset_data)
    print(f"Registered: {asset.name}")
# 3. Perform risk assessments
for asset in manager.list_assets():
    assessment = manager.create_risk_assessment(
        asset_id=asset.id,
        scan_date="2026-03-28"
    )
    score = assessment.calculate_risk_score()
    print(f"{asset.name}: Risk Score {score}/10")
# 4. Handle incidents (status values: reported, investigating, resolved)
recent_incidents = manager.get_incidents(days=7, status="reported")
for incident in recent_incidents:
    manager.update_incident_status(
        incident.id,
        "investigating",
        "Under investigation by SOC"
    )
# 5. Audit vendors
vendors = manager.list_vendors()
for vendor in vendors:
    assessment = manager.create_vendor_assessment(
        vendor_id=vendor.id
    )
    manager.save_vendor_assessment(assessment)
# 6. Gap analysis
gap_analysis = manager.perform_gap_analysis("nis2")
remediation = manager.create_remediation_plan(gap_analysis)
print(f"Found {len(gap_analysis.gaps)} compliance gaps")
# 7. Generate reports
board_report = manager.generate_board_report(
    reporting_period="Q1 2026",
    format="pdf"
)
board_report.save("q1_2026_compliance_report.pdf")
metrics = manager.get_executive_metrics()
print(f"Compliance Score: {metrics.compliance_percentage}%")
Risk Assessment Deep Dive
from nis2_compliance_monitor import Vulnerability
# Create detailed assessment
assessment = manager.create_risk_assessment(
    asset_id="db-server-01",
    assessment_type="vulnerability_scan"
)
# Add vulnerabilities
vulnerabilities = [
    Vulnerability(
        cve_id="CVE-2026-1001",
        title="SQL Injection",
        severity="critical",
        cvss_score=9.8,
        affected_component="application_layer"
    ),
    Vulnerability(
        cve_id="CVE-2026-1002",
        title="Unpatched OS",
        severity="high",
        cvss_score=8.2,
        affected_component="operating_system"
    ),
]
for vuln in vulnerabilities:
    assessment.add_vulnerability(vuln)
# Calculate and update
risk_score = assessment.calculate_risk_score()
assessment.set_remediation_priority("immediate" if risk_score > 8 else "standard")
manager.update_risk_assessment(assessment)
Supply Chain Compliance Check
# Register and assess critical vendor
vendor = manager.create_vendor(
    name="AWS",
    vendor_type="cloud_infrastructure",
    criticality="critical"
)
assessment = manager.create_vendor_assessment(
    vendor_id=vendor.id,
    assessment_scope="security_controls"
)
# Evaluate against requirements
requirements = [
    ("data_encryption", "AES-256 at rest and in transit"),
    ("incident_response", "24/7 SOC monitoring"),
    ("backup_recovery", "RTO 4 hours, RPO 1 hour"),
    ("soc2_compliance", "SOC 2 Type II certified"),
]
for req_id, requirement in requirements:
    # compliant=True is a placeholder for this example: in a real assessment the
    # flag is set only after the cited evidence has been obtained and reviewed
    assessment.evaluate_requirement(
        req_id=req_id,
        requirement=requirement,
        compliant=True,
        evidence="AWS Compliance Portal verification"
    )
manager.save_vendor_assessment(assessment)
compliance_status = assessment.get_compliance_status()
print(f"Vendor Compliance: {compliance_status.percentage}%")
Testing
Unit Tests
import pytest
from nis2_compliance_monitor import ComplianceManager, Config, Asset, Incident
@pytest.fixture
def manager():
    # In-memory SQLite keeps each test isolated from any real database
    config = Config(database_url="sqlite:///:memory:")
    return ComplianceManager(config)
def test_register_asset(manager):
    asset = Asset(name="Test Server", asset_type="server")
    asset_id = manager.register_asset(asset)
    assert asset_id is not None
    retrieved = manager.get_asset(asset_id)
    assert retrieved.name == "Test Server"
def test_report_incident(manager):
    incident = Incident(
        title="Test Incident",
        severity="high",
        affected_asset_id="asset-001"
    )
    incident_id = manager.report_incident(incident)
    assert incident_id is not None
def test_risk_assessment(manager):
    assessment = manager.create_risk_assessment(asset_id="asset-001")
    score = assessment.calculate_risk_score()
    assert 0 <= score <= 10
def test_gap_analysis(manager):
    gap_analysis = manager.perform_gap_analysis("nis2")
    assert gap_analysis is not None
    assert len(gap_analysis.gaps) > 0
Integration Tests
def test_complete_workflow(manager):
    # Register asset
    asset = Asset(name="Production Server", asset_type="server")
    asset_id = manager.register_asset(asset)
    # Create risk assessment
    assessment = manager.create_risk_assessment(asset_id=asset_id)
    risk_score = assessment.calculate_risk_score()
    # Report incident, severity derived from the risk score
    incident = Incident(
        title="High Risk Finding",
        severity="high" if risk_score > 7 else "medium",
        affected_asset_id=asset_id
    )
    incident_id = manager.report_incident(incident)
    # Verify: the stored severity must match whatever was reported, since the
    # score (and therefore the severity) is not fixed in advance
    assert incident_id is not None
    assert manager.get_incident(incident_id).severity == incident.severity
def test_vendor_assessment_workflow(manager):
    vendor = manager.create_vendor(name="Test Vendor")
    assessment = manager.create_vendor_assessment(vendor_id=vendor.id)
    manager.save_vendor_assessment(assessment)
    retrieved = manager.get_vendor_assessment(assessment.id)
    assert retrieved.vendor_id == vendor.id
Running Tests
# Run all tests
pytest
# Run with coverage
pytest --cov=nis2_compliance_monitor
# Run specific test file
pytest tests/test_risk_assessment.py
# Run with verbose output
pytest -v
Troubleshooting
Common Issues
Database Connection Error
Error: could not connect to database
Solution: Verify that NIS2_DATABASE_URL (or database.url in nis2_config.yaml) is correct and that the PostgreSQL service is running and reachable from the host
Permission Denied on Reports
Error: Permission denied writing report
Solution: Ensure application has write permissions to report output directory
Vendor Assessment Timeout
Error: Vendor assessment request timed out
Solution: Increase timeout in config or check vendor API availability
Support
For issues, feature requests, or documentation updates:
- GitHub Issues: https://github.com/your-org/nis2-compliance-monitor/issues
- Documentation: https://nis2-compliance-monitor.readthedocs.io
- Email: compliance-support@your-org.com