Free, open source, no signup
NIS2 Risk Assessment in under 5 minutes
Seven questions per system. Risk level and audit-defensible justification per BSI Grundschutz 200-2.
BSI-200-2 maximum principle. NIS2 Art 21(1) + Art 21(2)(a), BSIG §30. No signup, the result stays with you.
Example result
Marketing site with customer data
Risk level: Standard
Answers (condensed)
- Reach: Directly reachable from the internet
- Access: Includes privileged users (admins, finance, executives)
- Updates: Yes, the vendor actively maintains it and ships patches
- History: No incidents, and we have logging or monitoring that would catch them
- Outage: Weeks. Nobody would really notice.
- Recovery: Within a week
- Sensitivity: Customer data or operational business data
Question 1 of 7: Security
How is the system reachable from the internet?
How exposed is the system to attack?