Alignment with NIST Cybersecurity Framework and NIS2

The Network and Information Security Directive 2022/2555, otherwise known as NIS2, is a European Union (EU) directive designed to improve the security of network and information systems in the EU. It requires organizations that provide services identified by EU Member States as essential or important to the European economy and society to implement a range of cybersecurity measures and controls. NIS2's requirements closely align with the United States’ National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), providing companies that follow the NIST CSF framework a foundation for compliance with NIS2. Proofpoint's cybersecurity policies and practices align with NIST CSF and NIS2 requirements.

Proofpoint offers a range of cybersecurity and compliance solutions that can help its customers protect their network and information systems from cybersecurity threats and enhance their security practices. This includes but is not limited to:

• Threat Protection Packages - Proofpoint's advanced threat detection and filtering capabilities help protect its customers’ environments and end-users against a wide range of threats, such as phishing, malware, spam, malicious URLs, and business email compromise.
• Data Security Packages - Help prevent data loss from managed and unmanaged endpoints and sanctioned cloud apps. Enables customers to investigate data loss incidents in seconds with unified data and user risk and stop data loss with hundreds of built-in identifiers or custom policies.
• Adaptive Email DLP (AEDLP) – Proofpoint helps organizations avoid the loss of sensitive data by detecting and preventing misdelivered emails, mis-attached files, and intentional exfiltration of data.
• Insider Threat Management – Proofpoint’s Insider Threat Management can provide visibility into risky employee behavior that leads to business disruption and data loss. Insider Threat Management gathers evidence to accelerate investigations and help ensure appropriate organizational response to mitigate loss.
• Automated Risk Based Learning – Move beyond standard compliance training to drive behavioral change and build a security-minded culture.
• Digital Communications Governance – Proofpoint offers compliance reporting tools and functionality including Compliance Gateway, Track, and Supervision to help organizations monitor and report on compliance with regulations and other requirements.
• Third party risk management – Proofpoint Supplier Threat Protection (STP) helps keep its customers’ supply chains secure from advanced phishing, malware, and business email compromise (BEC) attacks. It checks suppliers and known third parties for signs that they may have been compromised.
• Identity Threat Defense – Proofpoint’s Identity Threat Defense (ITD) platform provides comprehensive protection against identity-based threats. It includes Proofpoint Shadow (deception technology for active threat detection) and Proofpoint Spotlight (identity vulnerability discovery and remediation), allowing customers to identify and proactively address risks while also detecting and investigating active attacks through agentless deception techniques and forensic data collection.

Please see Proofpoint's Resources site for additional information about Proofpoint's cybersecurity and risk management solutions.