This table shows the 27 compliance areas where DORA and NIS2 controls overlap. When you mark a control as implemented in either framework, Venvera automatically propagates the status to the equivalent control in the other.
| Compliance Area | DORA | NIS2 |
|---|---|---|
| Encryption | ict-10 | nis2-cr-01 |
| Access Control | ict-11 | nis2-hr-02 |
| Identity Management | ict-11 | nis2-hr-02 |
| Authentication & MFA | ict-11 | nis2-mf-01 |
| Network Security | ict-09 | nis2-ch-01 |
| Vulnerability Management | ict-12 | nis2-ss-02 |
| Logging & Monitoring | ict-14 | nis2-ea-02 |
| Incident Management | inc-01 | nis2-ih-01 |
| Incident Classification | inc-03, inc-04 | nis2-ih-03 |
| Incident Reporting | inc-05, inc-06 | nis2-ih-02 |
| Incident Response Team | inc-09 | nis2-ih-01 |
| Post-Incident Review | inc-08 | nis2-ih-04 |
| Business Continuity | ict-15 | nis2-bc-01 |
| Backup & Restoration | ict-16 | nis2-bc-02 |
| Crisis Management | ict-19 | nis2-bc-03 |
| Third-Party Risk Management | tpr-01 | nis2-sc-01 |
| Supplier Due Diligence | tpr-03 | nis2-sc-02 |
| Supplier Contracts | tpr-06, tpr-07 | nis2-sc-03 |
| Supplier Monitoring | tpr-04 | nis2-sc-04 |
| Risk Assessment | ict-07 | nis2-ra-02, nis2-ra-03 |
| Information Security Policy | ict-08 | nis2-ra-01 |
| Security Awareness & Training | ict-18 | nis2-ch-02 |
| Change Management | ict-13 | nis2-ss-04 |
| Security Testing | res-01 | nis2-ea-01 |
| Penetration Testing | res-04 | nis2-ea-01 |
| Breach Notification | inc-05 | nis2-ih-02 |
| Human Oversight | ict-01 | nis2-ra-06 |
For details on how propagation works, thresholds, and the auto-mapped badge, see the Cross-Framework Control Propagation overview article.