Score a security event against the NIS2 Article 23 significant-incident threshold using ENISA-aligned thresholds — service disruption, affected users, financial loss, cascade, malicious act, cross-border impact — and activate 24h/72h/30d reporting clocks (art-144) → assess ICT vendor due-diligence posture across seven Art. 21(2)(d) and ENISA supply-chain controls (art-145) → check Article 20 management-body governance readiness with personal-liability risk flag and optional §16 Ed25519 governance attestation (art-146). Active October 2024; first enforcement wave 2026.
score_nis2_incident_significance{
"jsonrpc": "2.0",
"method": "tools/call",
"params": {
"name": "score_nis2_incident_significance",
"arguments": {
"service_disruption_hours": 4,
"estimated_affected_users": 5000,
"estimated_financial_loss_eur": 500000,
"third_party_cascade_impact": false,
"involves_malicious_act": false,
"cross_border_impact": false,
"entity_classification": "essential"
}
},
"id": 1
}
score_nis2_supply_chain_diligence{
"jsonrpc": "2.0",
"method": "tools/call",
"params": {
"name": "score_nis2_supply_chain_diligence",
"arguments": {
"vendor_iso27001_certified": false,
"vendor_incident_history_12mo": 2,
"audit_clause_in_contract": false,
"breach_notification_sla_hours": 120,
"data_residency_eu_only": false,
"sub_contractor_count": 5,
"service_availability_pct": 97.5
}
},
"id": 2
}
check_nis2_governance_readiness{
"jsonrpc": "2.0",
"method": "tools/call",
"params": {
"name": "check_nis2_governance_readiness",
"arguments": {
"board_approved_art21_measures": false,
"board_receives_quarterly_status_updates": false,
"ciso_or_equivalent_designated": true,
"board_cybersecurity_training_completed": false,
"training_covers_threat_landscape": false,
"training_covers_incident_response": false,
"board_review_age_days": 400
}
},
"id": 3
}