External security scan for NIS2 registration and BSI
If you are an in-scope NIS2 entity, the regulator expects demonstrable progress on the Article 21 measures, not a single perfect snapshot. A scan of your external posture produces a dated, control-mapped artifact you can file alongside your registration or hand over if the BSI asks what you have done. It is the fastest way to put evidence behind your Article 21 claims.
What the scan proves here
Article 21 external-posture evidence
TLS, encryption in transit, and exposed-service findings map directly to Article 21(2) technical measures.
Demonstrable progress over time
Re-scans across 90 days show a regulator that you are improving, which is what the supervisory model rewards.
A dated, filed artifact
A timestamped PDF is something you can attach to a registration record or produce on request, rather than describing your controls from memory.
German specificity
Findings are framed for the BSI context and §38 BSIG management oversight, not generic global compliance.
Why it matters
In Germany, §38 BSIG makes managing directors personally liable for cybersecurity oversight, and the supervisory authority can audit on demand. A dated external-posture report is concrete evidence that oversight is happening.
Turn the scan into a dated PDF for €39
The free scan shows your grade on screen. The Audit Pack adds the control-mapped PDF, 90 days of re-scans, and a dated attestation, the artifacts this situation actually calls for.
Frequently asked questions
Is a scan enough for NIS2 compliance?
No. NIS2 Article 21 covers governance, supply chain, training, and incident reporting that a scan does not touch. The scan covers the externally observable technical measures, which is one defensible part of the picture and the fastest to evidence.
What do I file with the BSI?
Registration itself is a separate filing. The scan report is supporting evidence: a dated artifact showing your external posture against Article 21 measures, useful if the authority asks what you have implemented.