REGULATORY COMPLIANCE

Signed technical evidence
for 6 regulatory frameworks.

NIS2, ENS, ISO 27001, PCI-DSS, HIPAA and DORA. Itamite automatically generates technical compliance evidence from agent data, signed with SHA-256 and publicly verifiable.

The problem with manual compliance

A NIS2 or ENS audit requires concrete technical evidence: that every device has active disk encryption, an up-to-date antivirus, current patches, controlled administrator accounts, immutable logs… for every asset in the fleet.

Doing this by hand means spreadsheets, screenshots, hiring consultants for €10,000-30,000, and repeating the process at every renewal.

Itamite does it automatically and in real time. When the auditor arrives, you generate a signed report in 30 seconds.

FRAMEWORKS COVERED

The 6 most in-demand standards in Europe

Each framework has its controls mapped to the data collected by the agent.

NIS2 (EU Directive 2022/2555)

Mandatory since October 2024 for essential and important entities: energy, transport, healthcare, banking, digital public sector, water, food, chemicals, critical manufacturing, ICT managers.

Itamite covers:
  • Art. 21.2.a — Risk analysis (full inventory)
  • Art. 21.2.b — Incident management (immutable audit)
  • Art. 21.2.d — Supply chain security (SBOM)
  • Art. 21.2.e — Maintenance (patches, EOL)
  • Art. 21.2.f — Effectiveness of measures (measurable posture)
  • Art. 21.2.g — Basic hygiene (AV, firewall, screen lock)
  • Art. 21.2.h — Encryption (disk_encrypted, TPM, Secure Boot)
  • Art. 21.2.i — Access control (admin accounts, MFA)

ENS (Spanish RD 311/2022)

National Security Scheme. Mandatory for Spanish public sector and critical providers. Three categories: Basic, Medium, High.

Covered families:
  • mp.eq — Equipment protection
  • op.exp — Operations
  • mp.com — Communications protection
  • op.acc — Access control
  • mp.s — Service protection

Reports valid for CCN-CERT audit and ENS certification by accredited body.

ISO/IEC 27001:2022

International information security management standard. Voluntary certification by accredited body.

Annex A — Controls covered:
  • A.5.10, A.5.16, A.5.18 — Access and authentication
  • A.8.1 — Asset inventory
  • A.8.7 — Malware protection
  • A.8.8 — Technical vulnerability management
  • A.8.9 — Configuration management
  • A.8.11 — Data encryption
  • A.8.16 — Monitoring activities

PCI-DSS v4.0

Mandatory for any company that processes, stores or transmits payment card data.

Requirements covered:
  • Req. 5 — Antimalware protection (AV, EDR)
  • Req. 6 — Secure systems and apps (patches)
  • Req. 7 — Function-based access restriction
  • Req. 8 — Identification and authentication
  • Req. 10 — Access logging and monitoring
  • Req. 11.5 — Unauthorized change detection

HIPAA Security Rule

For US entities managing health information (PHI): hospitals, clinics, medical insurers and their business associates.

Technical safeguards covered:
  • §164.312(a) — Access control
  • §164.312(b) — Audit controls
  • §164.312(c) — Integrity
  • §164.312(d) — Person/entity authentication
  • §164.312(e) — Transmission security

DORA (EU Regulation 2022/2554)

Digital operational resilience. In force since January 2025 for EU financial entities.

Itamite covers:
  • Art. 5-15 — ICT risk management framework
  • Art. 9 — Protection and prevention
  • Art. 10 — Detection
  • Art. 11 — Response and recovery
  • Art. 17-23 — ICT incident management
  • Art. 28-30 — Third-party ICT risk

HOW IT WORKS

From agent data to a signed PDF

4 automatic steps. Zero spreadsheets.

01

Agent reports 25+ technical controls

On every heartbeat (15 min by default), the Itamite agent sends the real status of 25+ security controls: disk encryption, AV installed and updated, pending patches, firewall, admin accounts, screen lock, TPM, Secure Boot, SMB config, RDP NLA, USB storage, Office macros, BitLocker.

02

Itamite maps each control to the active framework

When you activate a framework (e.g. NIS2 + ENS + ISO 27001), Itamite automatically maps each agent data point to the corresponding article/control. One technical data point, multiple compliance.

03

Real-time status with percentage and gaps

The console shows current status: for each regulatory control, how many assets comply and which fail, with the exact technical value. Continuous preventive audit.

04

Generate the signed PDF in 30 seconds

Button "Generate report" → select framework + period → downloadable PDF with: global compliance percentage, status of each control with technical evidence per asset, documented exceptions, and SHA-256 signature publicly verifiable at itamite.com/verify.
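
A minimal sketch of steps 01 to 04, added here as an example and not Itamite's code: one agent data point is mapped to several framework controls, per-control status and gaps are computed, and a SHA-256 digest is taken over the result. The field names other than `disk_encrypted`, the field-to-control mapping, the pass rules and the heartbeat data are assumptions; the canonical JSON digest stands in for the hash of the PDF.

```python
import hashlib
import json

# Hypothetical mapping: agent field -> controls it evidences. Control IDs come from
# the framework lists on this page; which field feeds which control is assumed.
CONTROL_MAP = {
    "disk_encrypted": ["NIS2 Art. 21.2.h", "ISO 27001 A.8.11"],
    "av_updated": ["NIS2 Art. 21.2.g", "ISO 27001 A.8.7", "PCI-DSS Req. 5"],
    "pending_patches": ["NIS2 Art. 21.2.e", "ISO 27001 A.8.8", "PCI-DSS Req. 6"],
}

# Pass rule per field (assumed): booleans must be True, patch count must be 0.
PASSES = {
    "disk_encrypted": lambda v: v is True,
    "av_updated": lambda v: v is True,
    "pending_patches": lambda v: v == 0,
}

# Constructed heartbeat data for three assets.
HEARTBEATS = {
    "laptop-01": {"disk_encrypted": True, "av_updated": True, "pending_patches": 0},
    "laptop-02": {"disk_encrypted": False, "av_updated": True, "pending_patches": 3},
    "server-01": {"disk_encrypted": True, "av_updated": True},  # patches not reported
}

def evaluate(heartbeats, framework):
    """Return {control: {"compliant": n, "total": n, "gaps": [(asset, field, value)]}}."""
    status = {}
    for field, controls in CONTROL_MAP.items():
        for control in (c for c in controls if c.startswith(framework)):
            entry = status.setdefault(control, {"compliant": 0, "total": 0, "gaps": []})
            for asset, data in sorted(heartbeats.items()):
                entry["total"] += 1
                value = data.get(field)  # missing evidence counts as a gap, not a pass
                if value is not None and PASSES[field](value):
                    entry["compliant"] += 1
                else:
                    entry["gaps"].append((asset, field, value))
    return status

def percent(status):
    """Global compliance percentage across all evaluated controls."""
    total = sum(e["total"] for e in status.values())
    return round(100 * sum(e["compliant"] for e in status.values()) / total, 1) if total else 0.0

def report_digest(status):
    """SHA-256 over a canonical JSON encoding, standing in for the PDF bytes."""
    canonical = json.dumps(status, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()
```

Treating a field the agent did not report as a gap keeps a silent or broken agent from inflating the percentage.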

SIGNATURE AND VERIFICATION

SHA-256, verifiable by the auditor

Every PDF generated by Itamite carries a SHA-256 hash in its footer.

To verify the integrity of a report:

  1. Your auditor goes to https://itamite.com/verify (public access without login).
  2. Drags the PDF to the verification area or enters the hash manually.
  3. Itamite confirms if the hash matches the immutable audit record and shows: tenant that generated it, user who requested it, UTC timestamp.

If anyone tampers with even a single character of the PDF, the hash no longer matches.

Accepted as technical evidence by the main certification bodies.

LET'S BE HONEST

What Itamite does NOT cover

We don't sell smoke and mirrors. This part you have to bring yourself.

  • Written policies: NIS2/ENS/ISO require organizational documentation (security policy, acceptable use policy, incident policy). Itamite handles the technical part; written policies are provided by you or your DPO.
  • Personnel training and awareness: frameworks require demonstrable employee training. Itamite is not a training platform.
  • Risk analysis: formal risk analysis (MAGERIT, ISO 27005) is done by your team or consultant.
  • Business continuity (BCM): continuity and recovery plans are out of Itamite's scope.
  • External audit: Itamite generates technical evidence. The audit itself (ISO 27001, ENS) is performed by an independent accredited body.

In short: Itamite is the technical piece of compliance. We cover ~70% of a typical NIS2/ENS project.

A NIS2 or ENS audit this year?

A 45-minute demo with a real case from your sector.