Are Your Macs NIS2 Ready?

Take the Free Self Assessment

In many organisations, Mac devices are deployed strategically, often focused on specific tasks that benefit from their capabilities. But with the NIS2 Directive now in effect, these Macs are just as vital to your cybersecurity strategy as any other device. Overlooking them could leave a serious gap in your compliance armour. Ensuring they meet these standards is key to safeguarding your organisation’s overall security and compliance posture.

This short survey is designed to give you a clear understanding of how well your Mac devices align with NIS2 requirements. By evaluating key areas like access control, patch management, and data protection, we can help you identify potential gaps and opportunities for improvement.

Once you complete the survey, you’ll receive a customised report with actionable recommendations tailored to your organisation’s needs. To help you take the next steps, one of our NIS2 experts will provide a free follow-up consultation, offering insights and guidance on implementing these recommendations effectively.

Complete the survey today to confirm your Mac devices are NIS2 compliant and prepared for the evolving cybersecurity landscape.

Learn more

- Step 1 of 7

Contact Information

Layout

First Name *

Job Title *

Work Phone *

Last Name *

Organisation *

Work Email *

Identify

This section assesses your organisation's ability to identify and understand cybersecurity risks related to Mac devices, including their systems, users, data, and capabilities.

Are Mac devices covered by your organisation’s information and cybersecurity policies, ensuring they are documented, reviewed, and updated when necessary? *

Yes, Mac devices are fully covered by our policies and procedures
Partially, but some aspects are not documented or reviewed regularly
No, Mac devices are not included in our information and cybersecurity policies
Not sure

Does your organisation have a process in place to monitor, identify, and document vulnerabilities and weaknesses in Mac devices? *

Yes, we have a formal process that covers all these areas
Partially, but some areas are not consistently monitored or documented
No, we do not have a formal process for Mac device vulnerabilities
Not sure

Has your organisation clearly determined its risk tolerance for Mac devices, particularly in the context of NIS2? *

Yes, we have a clearly defined risk tolerance for Mac devices
We are in the process of defining it
No, we have not defined a risk tolerance for Mac devices
Not sure

Protect

This section evaluates the safeguards in place to mitigate or contain cyber risks specific to Mac devices.

Are the Mac devices in your organisation enrolled in your Unified Endpoint Management (UEM) solution and therefore managed according to your security policies? *

Yes, all Mac devices are fully enrolled in the MDM/UEM solution and managed in compliance with our organisation’s security policies
Yes, but only some Mac devices are enrolled in the MDM/UEM solution and managed according to our security policies
No, but we are planning to enroll Mac devices in the MDM/UEM solution
No, Mac devices are not enrolled in the MDM/UEM solution and are not currently managed according to security policies
Not sure

How do you manage access control for your Mac devices to protect critical network systems? *

Multi-factor authentication (MFA) for all users
Access based on user roles with least privilege principles
Centralised identity and access management (IAM) system
Biometric authentication (e.g., Touch ID)
No formal access control policy in place
Not sure

Are your Mac users required to use a VPN when accessing the organisation’s critical systems environment remotely? *

Yes, all Mac users must use a VPN for remote access on public Wi-Fi
Some Mac users use a VPN, but it’s not mandatory for all
No, Mac users are not required to use a VPN
Not sure

How is network traffic for your Mac devices monitored for potential security incidents? *

Continuous 24/7 monitoring
Regular scheduled checks
Incident reporting only during business hours
No formal monitoring for Mac devices
Not sure

Is your organisation using an identity and access management (IAM) solution to manage access permissions and authorisations for Mac devices, ensuring that the principles of least privilege and separation of duties are incorporated? *

Yes, we use an IAM solution and fully implement least privilege and separation of duties
Yes, we use an IAM solution, but least privilege and separation of duties are only partially implemented
No, we do not use an IAM solution, but we manage permissions manually
No, we do not have a formal process for managing access permissions and authorisations
Not sure

Do you have firewall configurations in place on your Macs to limit network access? *

Yes, all Mac devices have firewalls configured with strict access rules
Firewalls are enabled on Mac devices but with default settings
Firewalls are only used on certain Mac devices
No firewall configurations are in place on Mac devices
Not sure

Is there a policy in place that requires the use of encryption for both data-at-rest and data-in-transit on Mac devices? *

Yes, we have a comprehensive encryption policy for both data-at-rest and data-in-transit
Yes, but it only covers either data-at-rest or data-in-transit, not both
No, but we are planning to implement an encryption policy
No, we do not have an encryption policy in place
Not sure

What actions is your organisation taking to prevent data leaks on Mac devices? *

Restricted access rights
Daily backups
Data encryption
Installation of firewalls
Regular security audits and vulnerability assessments
Multi-factor authentication
Monitoring and logging of network activity
Employee training
Regular software updates and patches
None of the above
Not sure

Has your organisation developed, documented, and maintained a baseline configuration for its Mac devices, incorporating key security principles such as least functionality? *

Yes, we have a comprehensive baseline configuration for all Mac devices, including current version numbers, patch information, configuration settings, and network topology
Yes, but the baseline configuration is only partially documented for some Mac devices
No, but we are planning to implement and document a baseline configuration for Mac devices
No, we have not developed or documented a baseline configuration for our Mac devices
Not sure

Do you have patch management in place to ensure your macOS and app titles are consistently updated to the latest versions? *

Yes, automated patch management is fully in place for both macOS and applications
Patch management is in place, but some apps are updated manually
Patched are applied manually for both macOS and applications
No patch management system is currently in place
Not sure

How quickly do you apply critical security patches to your Mac devices after they are released? *

Within 24 hours or release
Within 1 week of release
Within 1 month of release
Patches are applied irregularly with no set timeframe
Not sure

Do you use a custom Software Update Server to control which macOS and app updates are approved and deployed to your Mac devices? *

Yes, we use a custom Software Update Server to whitelist and manage approved updates
Some updates are managed through a custom server, but not all
Updates are approved manually without a custom server
No custom Software Update Server in place
Not sure

Do you use a tool to monitor macOS upgrades in real-time, ensuring your Mac fleet is always running the latest and most secure version? *

Yes, real-time monitoring is in place for the entire Mac fleet
Monitoring is in place, but it’s not real-time or comprehensive
Monitoring is done manually or periodically
No monitoring tool in place for macOS updates
Not sure

Do you have a rollback or recovery procedure in place in case an update causes issues on your Mac devices? *

Yes, we have a robust rollback plan for any failed updates
Rollback options are available but not always reliable
Rollback options are limited or difficult to implement
No rollback or recovery plan in place for update failures
Not sure

Does your organisation have a process in place for managing audit/log records on Mac devices, ensuring they are determined, documented, implemented, and regularly reviewed in accordance with policy*? *

Yes, all of the below measures are fully implemented for Mac devices
Some measures are in place for Mac devices, but not all are consistently implemented
No, these measures are not currently in place for Mac devices
Not sure

This includes: Enabling logging functionality on security systems for Mac devices (e.g., firewalls, antivirus software) - Backing up and retaining logs from Mac devices for a predefined period - Reviewing logs from Mac devices for unusual trends, such as repeated malware detections or unusual network activity

Detect

This section assesses your organisation's ability to detect cybersecurity events related to Mac devices in a timely manner.

How does your organisation manage the collection and correlation of security event data from Mac devices to ensure compliance with NIS2? Please select all that apply *

Logging functionality on protection/detection systems (e.g., firewalls, antivirus) for Mac devices is enabled
Logs from Mac devices, including network traffic, access attempts, and malware detections, are regularly backed up and saved for a predefined period
Logs from Mac devices are reviewed for unusual or unwanted trends, such as repeated malware detections or abnormal user activity
Event data from multiple sources (e.g., network traffic, system logs, audit monitoring, physical access logs, and user/administrator activity reports) is compiled and correlated for Mac devices
None of the above measures are currently in place for Mac devices
Not sure

How does your organisation manage malware protection on Mac devices, including protection against viruses, spyware, and ransomware? Please select all that apply: *

Anti-virus, anti-spyware, and other anti-malware programs are installed on most Mac devices, with regular updates applied
Anti-virus and anti-spyware software on Mac devices is configured to check for updates in real-time or at least daily, followed by system scans
Malware protection is applied to some personal devices (e.g., BYOD) and home computers used for teleworking, but not consistently
Mac devices are periodically scanned for malware, though not as frequently as recommended
Malware protection measures for Mac devices are in development or not fully implemented yet
No malware protection measures have been put in place for Mac devices
Not sure

Respond

This section evaluates the controls in place to respond effectively to cybersecurity incidents involving Mac devices.

Has your organisation established and maintained response and recovery plans for Mac devices and broader network systems? *

Yes, response and recovery plans are fully established, regularly reviewed, updated, and tested
Partially, we have plans in place, but they are not regularly reviewed or tested
No, we do not have formal response and recovery plans established
Not sure

How does your organisation ensure that security incidents on Mac devices are properly analysed and categorised to support effective response and recovery? Please select all that apply: *

Notifications from detection systems on Mac devices are investigated promptly to understand the nature of the incident
The impact of security incidents on Mac devices is thoroughly assessed through detailed analysis, including correlation with risk assessments
Security incidents on Mac devices are categorised based on severity and impact, in line with the incident response plan
The organisation has processes in place to receive, analyse, and respond to vulnerabilities disclosed from both internal and external sources (e.g., internal testing, security bulletins, or external researchers)
None of the above measures are currently in place for Mac devices
Not sure

How does your organisation manage cybersecurity incidents on Mac devices to prevent their escalation, mitigate their impact, and resolve them effectively? Please select all that apply: *

The organisation has processes in place to contain incidents on Mac devices to prevent further expansion
Incident mitigation measures are implemented to reduce the effects of cybersecurity incidents on Mac devices
Newly identified vulnerabilities on Mac devices are either mitigated or documented as accepted risks, based on the organisation’s risk assessment
The incident handling process for Mac devices includes preparation, detection, containment, recovery, and documented risk acceptance
None of the above measures are currently in place for Mac devices
Not sure

Recover

This section assesses the safeguards in place to maintain resilience and restore services on Mac devices following a cybersecurity incident.

How does your organisation handle security incident reporting for Mac devices? Please select the most appropriate option: *

Incidents are reported immediately via an automated system.
Incidents are manually reported within a defined timeframe
Incidents are only reported when a significant breach occurs
No formal incident reporting system is in place for Mac devices
Not sure

How does your organisation coordinate restoration activities and manage communication with internal and external stakeholders during the recovery from a cybersecurity incident affecting Mac devices? Please select all that apply: *

Restoration activities are coordinated with internal and external parties, such as Internet Service Providers (ISPs), vendors, and other relevant stakeholders
Public relations activities are centrally managed, including handling media requests, coordinating interviews, and ensuring that communications align with the organisation’s public relations and privacy policies
Recovery activities are communicated to executive and management teams, as well as predefined internal and external stakeholders
These measures are partially in place or currently being developed for Mac devices
None of the above measures are currently in place for Mac devices
Not sure

Consent to Use Feedback

GDPR Agreement *

I consent to this website storing my submitted information to create a personalised report with recommendations for achieving NIS2 compliance.

Please read our Privacy Policy to learn how your feedback will be used and protected.