annex-implementing-regulation-of-nis2-on-t-m.yaml

urn: urn:intuitem:risk:library:annex-technical-and-methodological-requirements-nis2
locale: en
ref_id: 'Annex-to-the-Implementing-Regulation-of-NIS2-on-Technical-and-methodological-requirements '
name: NIS2 technical and methodological requirements 2024/2690
description: ANNEX to the Commission Implementing Regulation laying down rules for
  the application of Directive (EU) 2022/2555 as regards technical and methodological
  requirements of cybersecurity risk-management measures and further specification
  of the cases in which an incident is considered to be significant with regard to
  DNS service providers, TLD name registries, cloud computing service providers, data
  centre service providers, content delivery network providers, managed service providers,
  managed security service providers, providers of online market places, of online
  search engines and of social networking services platforms, and trust service providers
copyright: EUROPEAN COMMISSION
version: 4
publication_date: 2024-10-26
provider: EUROPEAN COMMISSION
packager: intuitem
translations:
  es:
    name: "NIS2: Requisitos t\xE9cnicos y metodol\xF3gicos - ANEXO REGLAMENTO DE EJECUCI\xD3\
      N (UE) 2024/2690"
    description: "ANEXO del Reglamento de Ejecuci\xF3n de la Comisi\xF3n por el que\
      \ se establecen -seg\xFAn el art\xEDculo 2- las disposiciones de aplicaci\xF3\
      n de la Directiva (UE) 2022/2555 en lo que respecta a los requisitos t\xE9cnicos\
      \ y metodol\xF3gicos de las medidas para la gesti\xF3n de riesgos de ciberseguridad.\
      \ Link: https://eur-lex.europa.eu/legal-content/ES/TXT/HTML/?uri=OJ:L_202402690"
    copyright: COMISION EUROPEA
  cs:
    name: "NIS2: technick\xE9 a metodick\xE9 po\u017Eadavky 2024/2690"
    description: "Prov\xE1d\u011Bc\xED na\u0159\xEDzen\xED 2024/2690 kter\xFDm se\
      \ stanov\xED pravidla pro uplat\u0148ov\xE1n\xED sm\u011Brnice (EU) 2022/2555,\
      \ pokud jde o technick\xE9 a metodick\xE9 po\u017Eadavky na opat\u0159en\xED\
      \ k \u0159\xEDzen\xED kybernetick\xFDch bezpe\u010Dnostn\xEDch rizik a bli\u017E\
      \u0161\xED up\u0159esn\u011Bn\xED p\u0159\xEDpad\u016F, v nich\u017E se incident\
      \ pova\u017Euje za v\xFDznamn\xFD, pokud jde o provozovatele DNS, registry dom\xE9\
      n nejvy\u0161\u0161\xED \xFArovn\u011B, poskytovatele slu\u017Eeb cloud computingu,\
      \ poskytovatele slu\u017Eeb datov\xFDch center, poskytovatele s\xEDt\xED pro\
      \ doru\u010Dov\xE1n\xED obsahu, poskytovatele \u0159\xEDzen\xFDch slu\u017E\
      eb, poskytovatele \u0159\xEDzen\xFDch bezpe\u010Dnostn\xEDch slu\u017Eeb, poskytovatele\
      \ on-line tr\u017Ei\u0161\u0165, internetov\xFDch vyhled\xE1va\u010D\u016F a\
      \ slu\u017Eeb platforem soci\xE1ln\xEDch s\xEDt\xED a poskytovatele slu\u017E\
      eb vytv\xE1\u0159ej\xEDc\xEDch d\u016Fv\u011Bru. https://eur-lex.europa.eu/legal-content/CS/TXT/HTML/?uri=OJ:L_202402690"
    copyright: "EVROPSK\xC1 KOMISE"
objects:
  framework:
    urn: urn:intuitem:risk:framework:annex-technical-and-methodological-requirements-nis2
    ref_id: 'Annex-to-the-Implementing-Regulation-of-NIS2-on-Technical-and-methodological-requirements '
    name: NIS2 technical and methodological requirements 2024/2690
    description: ANNEX to the Commission Implementing Regulation laying down rules
      for the application of Directive (EU) 2022/2555 as regards technical and methodological
      requirements of cybersecurity risk-management measures and further specification
      of the cases in which an incident is considered to be significant with regard
      to DNS service providers, TLD name registries, cloud computing service providers,
      data centre service providers, content delivery network providers, managed service
      providers, managed security service providers, providers of online market places,
      of online search engines and of social networking services platforms, and trust
      service providers
    translations:
      es:
        name: "NIS2: Requisitos t\xE9cnicos y metodol\xF3gicos - ANEXO REGLAMENTO\
          \ DE EJECUCI\xD3N (UE) 2024/2690"
        description: "ANEXO del Reglamento de Ejecuci\xF3n de la Comisi\xF3n por el\
          \ que se establecen -seg\xFAn el art\xEDculo 2- las disposiciones de aplicaci\xF3\
          n de la Directiva (UE) 2022/2555 en lo que respecta a los requisitos t\xE9\
          cnicos y metodol\xF3gicos de las medidas para la gesti\xF3n de riesgos de\
          \ ciberseguridad. Link: https://eur-lex.europa.eu/legal-content/ES/TXT/HTML/?uri=OJ:L_202402690"
      cs:
        name: "NIS2: technick\xE9 a metodick\xE9 po\u017Eadavky 2024/2690"
        description: "Prov\xE1d\u011Bc\xED na\u0159\xEDzen\xED 2024/2690 kter\xFD\
          m se stanov\xED pravidla pro uplat\u0148ov\xE1n\xED sm\u011Brnice (EU) 2022/2555,\
          \ pokud jde o technick\xE9 a metodick\xE9 po\u017Eadavky na opat\u0159en\xED\
          \ k \u0159\xEDzen\xED kybernetick\xFDch bezpe\u010Dnostn\xEDch rizik a bli\u017E\
          \u0161\xED up\u0159esn\u011Bn\xED p\u0159\xEDpad\u016F, v nich\u017E se\
          \ incident pova\u017Euje za v\xFDznamn\xFD, pokud jde o provozovatele DNS,\
          \ registry dom\xE9n nejvy\u0161\u0161\xED \xFArovn\u011B, poskytovatele\
          \ slu\u017Eeb cloud computingu, poskytovatele slu\u017Eeb datov\xFDch center,\
          \ poskytovatele s\xEDt\xED pro doru\u010Dov\xE1n\xED obsahu, poskytovatele\
          \ \u0159\xEDzen\xFDch slu\u017Eeb, poskytovatele \u0159\xEDzen\xFDch bezpe\u010D\
          nostn\xEDch slu\u017Eeb, poskytovatele on-line tr\u017Ei\u0161\u0165, internetov\xFD\
          ch vyhled\xE1va\u010D\u016F a slu\u017Eeb platforem soci\xE1ln\xEDch s\xED\
          t\xED a poskytovatele slu\u017Eeb vytv\xE1\u0159ej\xEDc\xEDch d\u016Fv\u011B\
          ru. https://eur-lex.europa.eu/legal-content/CS/TXT/HTML/?uri=OJ:L_202402690"
    requirement_nodes:
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1
      assessable: false
      depth: 1
      ref_id: '1'
      name: POLICY ON THE SECURITY OF NETWORK AND INFORMATION SYSTEMS (ARTICLE 21(2),
        POINT (A) OF DIRECTIVE (EU) 2022/2555)
      translations:
        es:
          name: "POL\xCDTICA SOBRE LA SEGURIDAD DE LOS SISTEMAS DE REDES Y DE INFORMACI\xD3\
            N [Art\xEDculo 21, Apartado 2, Letra A), de la directiva (UE) 2022/2555]"
          description: null
        cs:
          name: " Politika bezpe\u010Dnosti s\xEDt\xED a informa\u010Dn\xEDch syst\xE9\
            m\u016F (\u010Dl. 21 odst. 2 p\xEDsm. a) sm\u011Brnice (EU) 2022/2555)"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1
      ref_id: '1.1'
      name: Policy on the security of network and information systems
      translations:
        es:
          name: "Pol\xEDtica sobre la seguridad de las redes y sistemas de informaci\xF3\
            n"
          description: null
        cs:
          name: "Politika bezpe\u010Dnosti s\xEDt\xED a informa\u010Dn\xEDch syst\xE9\
            m\u016F"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1
      assessable: false
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1
      ref_id: 1.1.1
      description: 'For the purpose of Article 21(2), point (a) of Directive (EU)
        2022/2555, the policy on the security of network and information systems shall:'
      translations:
        es:
          name: null
          description: "A efectos del art\xEDculo 21, apartado 2, letra a), de la\
            \ Directiva (UE) 2022/2555, la pol\xEDtica de seguridad de los sistemas\
            \ de redes y de informaci\xF3n:"
        cs:
          name: null
          description: "\tPro \xFA\u010Dely \u010Dl. 21 odst. 2 p\xEDsm. a) sm\u011B\
            rnice (EU) 2022/2555 politika bezpe\u010Dnosti s\xEDt\xED a informa\u010D\
            n\xEDch syst\xE9m\u016F:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1
      ref_id: 1.1.1.a
      description: "set out the relevant entities\u2019 approach to managing the security\
        \ of their network and information systems;"
      translations:
        es:
          name: null
          description: "determinar\xE1 el enfoque de las entidades pertinentes para\
            \ gestionar la seguridad de sus sistemas de redes y de informaci\xF3n;"
        cs:
          name: null
          description: "stanov\xED p\u0159\xEDstup p\u0159\xEDslu\u0161n\xFDch subjekt\u016F\
            \ k \u0159\xEDzen\xED bezpe\u010Dnosti jejich s\xEDt\xED a informa\u010D\
            n\xEDch syst\xE9m\u016F;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1
      ref_id: 1.1.1.b
      description: "be appropriate to and complementary with the relevant entities\u2019\
        \ business strategy and objectives;"
      translations:
        es:
          name: null
          description: "se adecuar\xE1 a la estrategia y los objetivos operativos\
            \ de las entidades pertinentes y los completar\xE1;"
        cs:
          name: null
          description: "odpov\xEDd\xE1 obchodn\xED strategii a c\xEDl\u016Fm p\u0159\
            \xEDslu\u0161n\xFDch subjekt\u016F a dopl\u0148uje je;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1
      ref_id: 1.1.1.c
      description: set out network and information security objectives;
      translations:
        es:
          name: null
          description: "establecer\xE1 los objetivos de seguridad de las redes y de\
            \ la informaci\xF3n;"
        cs:
          name: null
          description: "stanov\xED c\xEDle bezpe\u010Dnosti s\xEDt\xED a informac\xED\
            ;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1.d
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1
      ref_id: 1.1.1.d
      description: include a commitment to continual improvement of the security of
        network and information systems;
      translations:
        es:
          name: null
          description: "se comprometer\xE1 a mejorar constantemente la seguridad de\
            \ los sistemas de redes y de informaci\xF3n;"
        cs:
          name: null
          description: "obsahuje z\xE1vazek k neust\xE1l\xE9mu zlep\u0161ov\xE1n\xED\
            \ bezpe\u010Dnosti s\xEDt\xED a informa\u010Dn\xEDch syst\xE9m\u016F;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1.e
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1
      ref_id: 1.1.1.e
      description: include a commitment to provide the appropriate resources needed
        for its implementation, including the necessary staff, financial resources,
        processes, tools and technologies;
      translations:
        es:
          name: null
          description: "se comprometer\xE1 a facilitar los recursos oportunos para\
            \ su aplicaci\xF3n, incluidos el personal, los recursos financieros, los\
            \ procedimientos, las herramientas y las tecnolog\xEDas que se necesiten;"
        cs:
          name: null
          description: "obsahuje z\xE1vazek poskytnout odpov\xEDdaj\xEDc\xED zdroje\
            \ pot\u0159ebn\xE9 pro jej\xED proveden\xED, v\u010Detn\u011B pot\u0159\
            ebn\xFDch zam\u011Bstnanc\u016F, finan\u010Dn\xEDch zdroj\u016F, postup\u016F\
            , n\xE1stroj\u016F a technologi\xED;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1.f
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1
      ref_id: 1.1.1.f
      description: be communicated to and acknowledged by relevant employees and relevant
        interested external parties;
      translations:
        es:
          name: null
          description: "ser\xE1 comunicada a los empleados y partes externas que proceda,\
            \ que deber\xE1n aprobarla;"
        cs:
          name: null
          description: "je sd\u011Blena p\u0159\xEDslu\u0161n\xFDm zam\u011Bstnanc\u016F\
            m a dot\u010Den\xFDm z\xFA\u010Dastn\u011Bn\xFDm extern\xEDm stran\xE1\
            m a je jimi uzn\xE1na;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1.g
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1
      ref_id: 1.1.1.g
      description: lay down roles and responsibilities pursuant to point 1.2.;
      translations:
        es:
          name: null
          description: "presentar\xE1 los roles y responsabilidades con arreglo al\
            \ punto 1.2;"
        cs:
          name: null
          description: "stanov\xED role a odpov\u011Bdnosti podle bodu 1.2.;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1.h
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1
      ref_id: 1.1.1.h
      description: list the documentation to be kept and the duration of retention
        of the documentation;
      translations:
        es:
          name: null
          description: "detallar\xE1 la documentaci\xF3n que debe conservarse y la\
            \ duraci\xF3n del per\xEDodo de conservaci\xF3n;"
        cs:
          name: null
          description: "uv\xE1d\xED seznam dokumentace, kter\xE1 m\xE1 b\xFDt uchov\xE1\
            v\xE1na, a dobu jej\xEDho uchov\xE1v\xE1n\xED;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1.i
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1
      ref_id: 1.1.1.i
      description: list the topic-specific policies;
      translations:
        es:
          name: null
          description: "enumerar\xE1 las pol\xEDticas espec\xEDficas;"
        cs:
          name: null
          description: "uv\xE1d\xED seznam politik specifick\xFDch pro toto t\xE9\
            ma;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1.j
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1
      ref_id: 1.1.1.j
      description: "lay down indicators and measures to monitor its implementation\
        \ and the current status of relevant entities\u2019 maturity level of network\
        \ and information security;"
      translations:
        es:
          name: null
          description: "fijar\xE1 indicadores y medidas para supervisar su aplicaci\xF3\
            n y el estado actual del nivel de madurez de la seguridad de las redes\
            \ y de la informaci\xF3n de las entidades pertinentes;"
        cs:
          name: null
          description: "stanov\xED ukazatele a opat\u0159en\xED ke sledov\xE1n\xED\
            \ jej\xEDho prov\xE1d\u011Bn\xED a aktu\xE1ln\xEDho stavu \xFArovn\u011B\
            \ vysp\u011Blosti bezpe\u010Dnosti s\xEDt\xED a informac\xED p\u0159\xED\
            slu\u0161n\xFDch subjekt\u016F;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1.k
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.1
      ref_id: 1.1.1.k
      description: "indicate the date of the formal approval by the management bodies\
        \ of the relevant entities (the \u2018management bodies\u2019)."
      translations:
        es:
          name: null
          description: "indicar\xE1 la fecha de la aprobaci\xF3n formal por parte\
            \ de los \xF3rganos de direcci\xF3n de las entidades pertinentes [en adelante,\
            \ \xAB\xF3rgano(s) de direcci\xF3n\xBB]."
        cs:
          name: null
          description: "uv\xE1d\xED datum form\xE1ln\xEDho schv\xE1len\xED \u0159\xED\
            d\xEDc\xEDmi org\xE1ny p\u0159\xEDslu\u0161n\xFDch subjekt\u016F (d\xE1\
            le jen \u201E\u0159\xEDd\xEDc\xED org\xE1ny\u201C)."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1.2
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.1
      ref_id: 1.1.2
      description: The network and information system security policy shall be reviewed
        and, where appropriate, updated by management bodies at least annually and
        when significant incidents or significant changes to operations or risks occur.
        The result of the reviews shall be documented.
      translations:
        es:
          name: null
          description: "El \xF3rgano de direcci\xF3n revisar\xE1 y, cuando proceda,\
            \ actualizar\xE1 la pol\xEDtica de seguridad de los sistemas de redes\
            \ y de informaci\xF3n al menos una vez al a\xF1o, as\xED como cuando se\
            \ produzcan incidentes significativos o cambios significativos en las\
            \ operaciones o los riesgos. Los resultados de las revisiones quedar\xE1\
            n documentados."
        cs:
          name: null
          description: "Bezpe\u010Dnostn\xED politiku v oblasti s\xEDt\xED a informa\u010D\
            n\xEDch syst\xE9m\u016F \u0159\xEDd\xEDc\xED org\xE1ny p\u0159ezkoum\xE1\
            vaj\xED a v p\u0159\xEDpad\u011B pot\u0159eby aktualizuj\xED nejm\xE9\
            n\u011B ka\u017Ed\xFD rok a v\u017Edy v p\u0159\xEDpad\u011B v\xFDskytu\
            \ v\xFDznamn\xFDch incident\u016F nebo v\xFDznamn\xFDch zm\u011Bn operac\xED\
            \ \u010Di rizik. V\xFDsledky p\u0159ezkum\u016F se zdokumentuj\xED."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.2
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1
      ref_id: '1.2'
      name: Roles, responsibilities and authorities
      translations:
        es:
          name: Roles, responsabilidades y autoridades
          description: null
        cs:
          name: "\xDAkoly, odpov\u011Bdnosti a pravomoci"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.2.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.2
      ref_id: 1.2.1
      description: "As part of their policy on the security of network and information\
        \ systems referred to in point 1.1., the relevant entities shall lay down\
        \ responsibilities and authorities for network and information system security\
        \ and assign them to roles, allocate them according to the relevant entities\u2019\
        \ needs, and communicate them to the management bodies."
      translations:
        es:
          name: null
          description: "Como parte de la pol\xEDtica de seguridad de los sistemas\
            \ de redes y de informaci\xF3n a que hace referencia el punto 1.1, las\
            \ entidades pertinentes determinar\xE1n las responsabilidades y autoridades\
            \ en materia de seguridad de los sistemas de redes y de informaci\xF3\
            n y las asignar\xE1n a distintos roles, las repartir\xE1n en funci\xF3\
            n de las necesidades de la entidad y se las comunicar\xE1n a los \xF3\
            rganos de direcci\xF3n."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty v r\xE1mci sv\xE9 politiky\
            \ bezpe\u010Dnosti s\xEDt\xED a informa\u010Dn\xEDch syst\xE9m\u016F uveden\xE9\
            \ v bod\u011B 1.1 stanov\xED odpov\u011Bdnosti a pravomoci v oblasti bezpe\u010D\
            nosti s\xEDt\xED a informa\u010Dn\xEDch syst\xE9m\u016F, p\u0159id\u011B\
            l\xED je k \xFAkol\u016Fm, rozd\u011Bl\xED je podle pot\u0159eb p\u0159\
            \xEDslu\u0161n\xFDch subjekt\u016F a sd\u011Bl\xED je \u0159\xEDd\xED\
            c\xEDm org\xE1n\u016Fm."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.2.2
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.2
      ref_id: 1.2.2
      description: The relevant entities shall require all personnel and third parties
        to apply network and information system security in accordance with the established
        network and information security policy, topic-specific policies and procedures
        of the relevant entities.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes exigir\xE1n a todo el personal y\
            \ a terceros que apliquen la seguridad de los sistemas de redes y de informaci\xF3\
            n de conformidad con la pol\xEDtica de seguridad de las redes y la informaci\xF3\
            n y las pol\xEDticas espec\xEDficas existentes, as\xED como con los procedimientos\
            \ de las entidades pertinentes."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty vy\u017Eaduj\xED, aby v\u0161\
            ichni zam\u011Bstnanci a t\u0159et\xED strany uplat\u0148ovali bezpe\u010D\
            nost s\xEDt\xED a informa\u010Dn\xEDch syst\xE9m\u016F v souladu se zavedenou\
            \ politikou bezpe\u010Dnosti s\xEDt\xED a informac\xED, tematicky zam\u011B\
            \u0159en\xFDmi politikami a postupy p\u0159\xEDslu\u0161n\xFDch subjekt\u016F\
            ."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.2.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.2
      ref_id: 1.2.3
      description: At least one person shall report directly to the management bodies
        on matters of network and information system security.
      translations:
        es:
          name: null
          description: "Al menos una persona informar\xE1 directamente a los \xF3\
            rganos de direcci\xF3n sobre cuestiones de seguridad de los sistemas de\
            \ redes y de informaci\xF3n."
        cs:
          name: null
          description: "\u0158\xEDd\xEDc\xEDm org\xE1n\u016Fm je v ot\xE1zk\xE1ch\
            \ bezpe\u010Dnosti s\xEDt\xED a informa\u010Dn\xEDch syst\xE9m\u016F p\u0159\
            \xEDmo pod\u0159\xEDzena alespo\u0148 jedna osoba."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.2.4
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.2
      ref_id: 1.2.4
      description: Depending on the size of the relevant entities, network and information
        system security shall be covered by dedicated roles or duties carried out
        in addition to existing roles.
      translations:
        es:
          name: null
          description: "En funci\xF3n del tama\xF1o de las entidades pertinentes,\
            \ la seguridad de las redes y los sistemas de informaci\xF3n corresponder\xE1\
            \ a roles o funciones espec\xEDficos que se desempe\xF1ar\xE1n adem\xE1\
            s de los roles existentes."
        cs:
          name: null
          description: "V z\xE1vislosti na velikosti p\u0159\xEDslu\u0161n\xFDch subjekt\u016F\
            \ spad\xE1 bezpe\u010Dnost s\xEDt\xED a informa\u010Dn\xEDch syst\xE9\
            m\u016F pod specializovan\xE9 \xFAkoly nebo povinnosti, kter\xE9 jsou\
            \ vykon\xE1v\xE1ny nad r\xE1mec st\xE1vaj\xEDc\xEDch \xFAkol\u016F."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.2.5
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.2
      ref_id: 1.2.5
      description: Conflicting duties and conflicting areas of responsibility shall
        be segregated, where applicable.
      translations:
        es:
          name: null
          description: "Aquellos cargos o \xE1reas de responsabilidad que entren en\
            \ conflicto se separar\xE1n, cuando proceda."
        cs:
          name: null
          description: "Koliduj\xEDc\xED povinnosti a protich\u016Fdn\xE9 oblasti\
            \ odpov\u011Bdnosti budou v p\u0159\xEDslu\u0161n\xFDch p\u0159\xEDpadech\
            \ odd\u011Bleny."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.2.6
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:1.2
      ref_id: 1.2.6
      description: Roles, responsibilities and authorities shall be reviewed and,
        where appropriate, updated by management bodies at planned intervals and when
        significant incidents or significant changes to operations or risks occur.
      translations:
        es:
          name: null
          description: "Los \xF3rganos de direcci\xF3n revisar\xE1n y, cuando proceda,\
            \ actualizar\xE1n los roles, responsabilidades y autoridades a intervalos\
            \ planificados, as\xED como cuando se produzcan incidentes significativos\
            \ o cambios significativos en las operaciones o los riesgos."
        cs:
          name: null
          description: "\u0158\xEDd\xEDc\xED org\xE1ny \xFAkoly, odpov\u011Bdnosti\
            \ a pravomoci p\u0159ezkoum\xE1vaj\xED a v p\u0159\xEDpad\u011B pot\u0159\
            eby aktualizuj\xED v pl\xE1novan\xFDch intervalech a p\u0159i v\xFDskytu\
            \ v\xFDznamn\xFDch incident\u016F nebo v\xFDznamn\xFDch zm\u011Bn operac\xED\
            \ \u010Di rizik."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2
      assessable: false
      depth: 1
      ref_id: '2'
      name: RISK MANAGEMENT POLICY (ARTICLE 21(2), POINT (A) OF DIRECTIVE (EU) 2022/2555)
      translations:
        es:
          name: "POL\xCDTICA DE GESTI\xD3N DE RIESGOS [Art\xEDculo 21, Apartado 2,\
            \ Letra A), de la directiva (UE) 2022/2555]"
          description: null
        cs:
          name: "Politika \u0159\xEDzen\xED rizik (\u010Dl. 21 odst. 2 bod a) sm\u011B\
            rnice (EU) 2022/2555)"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2
      ref_id: '2.1'
      name: Risk management framework
      translations:
        es:
          name: "Marco de la gesti\xF3n de riesgos"
          description: null
        cs:
          name: "R\xE1mec pro \u0159\xEDzen\xED rizik"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1
      ref_id: 2.1.1
      description: For the purpose of Article 21(2), point (a) of Directive (EU) 2022/2555,
        the relevant entities shall establish and maintain an appropriate risk management
        framework to identify and address the risks posed to the security of network
        and information systems. The relevant entities shall perform and document
        risk assessments and, based on the results, establish, implement and monitor
        a risk treatment plan. Risk assessment results and residual risks shall be
        accepted by management bodies or, where applicable, by persons who are accountable
        and have the authority to manage risks, provided that the relevant entities
        ensure adequate reporting to the management bodies.
      translations:
        es:
          name: null
          description: "A efectos del art\xEDculo 21, apartado 2, letra a), de la\
            \ Directiva (UE) 2022/2555, las entidades pertinentes establecer\xE1n\
            \ y mantendr\xE1n un marco de la gesti\xF3n de riesgos adecuado para detectar\
            \ y abordar los riesgos que se planteen para la seguridad de los sistemas\
            \ de redes y de informaci\xF3n. Las entidades pertinentes realizar\xE1\
            n evaluaciones de riesgos cuyos resultados documentar\xE1n y, a partir\
            \ de estos \xFAltimos, establecer\xE1n un plan de tratamiento de riesgos,\
            \ que aplicar\xE1n y supervisar\xE1n. Siempre que las entidades pertinentes\
            \ garanticen una informaci\xF3n adecuada a los \xF3rganos de direcci\xF3\
            n, estos \xFAltimos o, cuando proceda, las personas que sean responsables\
            \ y tengan autoridad para gestionar los riesgos, aprobar\xE1n los resultados\
            \ de la evaluaci\xF3n de riesgos y los riesgos residuales."
        cs:
          name: null
          description: "\tPro \xFA\u010Dely \u010Dl. 21 odst. 2 p\xEDsm. a) sm\u011B\
            rnice (EU) 2022/2555 p\u0159\xEDslu\u0161n\xE9 subjekty z\u0159\xEDd\xED\
            \ a spravuj\xED vhodn\xFD r\xE1mec \u0159\xEDzen\xED rizik, aby identifikovaly\
            \ a \u0159e\u0161ily rizika pro bezpe\u010Dnost s\xEDt\xED a informa\u010D\
            n\xEDch syst\xE9m\u016F. P\u0159\xEDslu\u0161n\xE9 subjekty provedou a\
            \ zdokumentuj\xED posouzen\xED rizik a na z\xE1klad\u011B v\xFDsledk\u016F\
            \ vypracuj\xED, zavedou a sleduj\xED pl\xE1n o\u0161et\u0159en\xED rizik.\
            \ V\xFDsledky posouzen\xED rizik a zbytkov\xE1 rizika p\u0159ij\xEDmaj\xED\
            \ \u0159\xEDd\xEDc\xED org\xE1ny nebo v p\u0159\xEDslu\u0161n\xFDch p\u0159\
            \xEDpadech osoby, kter\xE9 jsou odpov\u011Bdn\xE9 a maj\xED pravomoc \u0159\
            \xEDdit rizika, za p\u0159edpokladu, \u017Ee p\u0159\xEDslu\u0161n\xE9\
            \ subjekty zajist\xED odpov\xEDdaj\xEDc\xED pod\xE1v\xE1n\xED zpr\xE1\
            v \u0159\xEDd\xEDc\xEDm org\xE1n\u016Fm."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1
      ref_id: 2.1.2
      description: "For the purpose of point 2.1.1., the relevant entities shall establish\
        \ procedures for identification, analysis, assessment and treatment of risks\
        \ (\u2018cybersecurity risk management process\u2019). The cybersecurity risk\
        \ management process shall be an integral part of the relevant entities\u2019\
        \ overall risk management process, where applicable. As part of the cybersecurity\
        \ risk management process, the relevant entities shall:"
      translations:
        es:
          name: null
          description: "A los efectos del punto 2.1.1, las entidades pertinentes establecer\xE1\
            n procedimientos para detectar, analizar, evaluar y tratar los riesgos\
            \ (\xABproceso de gesti\xF3n de riesgos de ciberseguridad\xBB). El proceso\
            \ de gesti\xF3n de riesgos de ciberseguridad formar\xE1 parte del proceso\
            \ de gesti\xF3n de riesgos general de la entidad pertinente, seg\xFAn\
            \ proceda. Como parte del proceso de gesti\xF3n de riesgos de ciberseguridad,\
            \ las entidades pertinentes:"
        cs:
          name: null
          description: "Pro \xFA\u010Dely bodu 2.1.1 p\u0159\xEDslu\u0161n\xE9 subjekty\
            \ stanov\xED postupy pro identifikaci, anal\xFDzu, posouzen\xED a o\u0161\
            et\u0159en\xED rizik (d\xE1le jen \u201Eproces \u0159\xEDzen\xED rizik\
            \ v oblasti kybernetick\xE9 bezpe\u010Dnosti\u201C). Proces \u0159\xED\
            zen\xED rizik v oblasti kybernetick\xE9 bezpe\u010Dnosti mus\xED b\xFD\
            t v p\u0159\xEDslu\u0161n\xFDch p\u0159\xEDpadech ned\xEDlnou sou\u010D\
            \xE1st\xED celkov\xE9ho procesu \u0159\xEDzen\xED rizik p\u0159\xEDslu\u0161\
            n\xFDch subjekt\u016F. V r\xE1mci procesu \u0159\xEDzen\xED rizik v oblasti\
            \ kybernetick\xE9 bezpe\u010Dnosti p\u0159\xEDslu\u0161n\xE9 subjekty:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2
      ref_id: 2.1.2.a
      description: follow a risk management methodology;
      translations:
        es:
          name: null
          description: "seguir\xE1n una metodolog\xEDa de gesti\xF3n de riesgos;"
        cs:
          name: null
          description: "dodr\u017Euj\xED metodiku \u0159\xEDzen\xED rizik;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2
      ref_id: 2.1.2.b
      description: establish the risk tolerance level in accordance with the risk
        appetite of the relevant entities;
      translations:
        es:
          name: null
          description: "establecer\xE1n un nivel de tolerancia al riesgo conforme\
            \ con la propensi\xF3n al riesgo de la entidad;"
        cs:
          name: null
          description: "stanov\xED \xFArove\u0148 tolerance rizika v souladu s ochotou\
            \ p\u0159\xEDslu\u0161n\xFDch subjekt\u016F riskovat;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2
      ref_id: 2.1.2.c
      description: establish and maintain relevant risk criteria;
      translations:
        es:
          name: null
          description: "establecer\xE1n y mantendr\xE1n criterios de riesgo pertinentes;"
        cs:
          name: null
          description: "stanov\xED a spravuj\xED p\u0159\xEDslu\u0161n\xE1 krit\xE9\
            ria rizik;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2.d
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2
      ref_id: 2.1.2.d
      description: in line with an all-hazards approach, identify and document the
        risks posed to the security of network and information systems, in particular
        in relation to third parties and risks that could lead to disruptions in the
        availability, integrity, authenticity and confidentiality of the network and
        information systems, including the identification of single point of failures;
      translations:
        es:
          name: null
          description: "de conformidad con un enfoque que abarque todos los riesgos,\
            \ determinar\xE1n y registrar\xE1n todos los riesgos existentes para la\
            \ seguridad de los sistemas de redes y de informaci\xF3n, en especial\
            \ con relaci\xF3n a terceros o a aquellos riesgos que puedan generar alteraciones\
            \ en la disponibilidad, integridad, autenticidad y confidencialidad de\
            \ los sistemas de redes y de informaci\xF3n, incluida la detecci\xF3n\
            \ de puntos \xFAnicos de fallo;"
        cs:
          name: null
          description: "v souladu s p\u0159\xEDstupem zohled\u0148uj\xEDc\xEDm v\u0161\
            echny druhy rizik identifikuj\xED a dokumentuj\xED rizika pro bezpe\u010D\
            nost s\xEDt\xED a informa\u010Dn\xEDch syst\xE9m\u016F, zejm\xE9na ve\
            \ vztahu ke t\u0159et\xEDm stran\xE1m, a rizika, kter\xE1 by mohla v\xE9\
            st k naru\u0161en\xED dostupnosti, integrity, autenticity a d\u016Fv\u011B\
            rnosti s\xEDt\xED a informa\u010Dn\xEDch syst\xE9m\u016F, v\u010Detn\u011B\
            \ identifikace kritick\xE9ho m\xEDsta (tzv. single point of failures);"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2.e
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2
      ref_id: 2.1.2.e
      description: analyse the risks posed to the security of network and information
        systems, including threat, likelihood, impact, and risk level, taking into
        account cyber threat intelligence and vulnerabilities;
      translations:
        es:
          name: null
          description: "analizar\xE1n los riesgos que se planteen para la seguridad\
            \ de los sistemas de redes y de informaci\xF3n, especialmente la amenaza,\
            \ la probabilidad, el impacto y el nivel de riesgo, teniendo en cuenta\
            \ la inteligencia sobre ciberamenazas y las vulnerabilidades;"
        cs:
          name: null
          description: "analyzuj\xED rizika pro bezpe\u010Dnost s\xEDt\xED a informa\u010D\
            n\xEDch syst\xE9m\u016F, v\u010Detn\u011B hrozby, pravd\u011Bpodobnosti,\
            \ dopadu a \xFArovn\u011B rizika, s p\u0159ihl\xE9dnut\xEDm k informac\xED\
            m o kybernetick\xFDch hrozb\xE1ch a zranitelnostech;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2.f
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2
      ref_id: 2.1.2.f
      description: evaluate the identified risks based on the risk criteria;
      translations:
        es:
          name: null
          description: "evaluar\xE1n los riesgos detectados a partir de los criterios\
            \ de riesgo;"
        cs:
          name: null
          description: "vyhodnot\xED identifikovan\xE1 rizika na z\xE1klad\u011B krit\xE9\
            ri\xED rizik;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2;g
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2
      ref_id: 2.1.2;g
      description: identify and prioritise appropriate risk treatment options and
        measures;
      translations:
        es:
          name: null
          description: "determinar\xE1n y priorizar\xE1n las opciones y medidas adecuadas\
            \ de tratamiento de riesgos;"
        cs:
          name: null
          description: "identifikuj\xED vhodn\xE9 mo\u017Enosti a opat\u0159en\xED\
            \ k o\u0161et\u0159en\xED rizik a stanov\xED po\u0159ad\xED jejich d\u016F\
            le\u017Eitosti;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2.h
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2
      ref_id: 2.1.2.h
      description: continuously monitor the implementation of the risk treatment measures;
      translations:
        es:
          name: null
          description: "supervisar\xE1n constantemente la aplicaci\xF3n de las medidas\
            \ de tratamiento de riesgos;"
        cs:
          name: null
          description: "pr\u016Fb\u011B\u017En\u011B sleduj\xED prov\xE1d\u011Bn\xED\
            \ opat\u0159en\xED k o\u0161et\u0159en\xED rizik;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2.i
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2
      ref_id: 2.1.2.i
      description: identify who is responsible for implementing the risk treatment
        measures and when they should be implemented;
      translations:
        es:
          name: null
          description: "determinar\xE1n qui\xE9n es responsable de la aplicaci\xF3\
            n de las medidas de tratamiento de riesgos y cu\xE1ndo deben aplicarse\
            \ estas;"
        cs:
          name: null
          description: "ur\u010D\xED, kdo je odpov\u011Bdn\xFD za prov\xE1d\u011B\
            n\xED opat\u0159en\xED k o\u0161et\u0159en\xED rizik a kdy by tato opat\u0159\
            en\xED m\u011Bla b\xFDt provedena;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2.j
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.2
      ref_id: 2.1.2.j
      description: document the chosen risk treatment measures in a risk treatment
        plan and the reasons justifying the acceptance of residual risks in a comprehensible
        manner.
      translations:
        es:
          name: null
          description: "informar\xE1n de manera comprensible de las medidas de tratamiento\
            \ de riesgos elegidas en un plan de tratamiento de riesgos y de las razones\
            \ que justifiquen la aceptaci\xF3n de los riesgos residuales."
        cs:
          name: null
          description: "komplexn\u011B zdokumentuj\xED zvolen\xE1 opat\u0159en\xED\
            \ k o\u0161et\u0159en\xED rizik v pl\xE1nu o\u0161et\u0159en\xED rizik\
            \ a d\u016Fvody, kter\xE9 vedly k akceptaci zbytkov\xFDch rizik."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1
      ref_id: 2.1.3
      description: When identifying and prioritising appropriate risk treatment options
        and measures, the relevant entities shall take into account the risk assessment
        results, the results of the procedure to assess the effectiveness of cybersecurity
        risk-management measures, the cost of implementation in relation to the expected
        benefit, the asset classification referred to in point 12.1., and the business
        impact analysis referred to in point 4.1.3.
      translations:
        es:
          name: null
          description: "Cuando detecten y prioricen las opciones y medidas adecuadas\
            \ para el tratamiento de los riesgos, las entidades pertinentes tendr\xE1\
            n en cuenta los resultados de la evaluaci\xF3n de riesgos, los resultados\
            \ del procedimiento para evaluar la eficacia de las medidas para la gesti\xF3\
            n de riesgos de ciberseguridad, el coste de su aplicaci\xF3n en relaci\xF3\
            n con los beneficios previstos, la clasificaci\xF3n de activos contemplada\
            \ en el punto 12.1 y el an\xE1lisis de impacto operativo a que se refiere\
            \ el punto 4.1.3."
        cs:
          name: null
          description: "P\u0159i identifikov\xE1n\xED vhodn\xFDch mo\u017Enost\xED\
            \ a opat\u0159en\xED k o\u0161et\u0159en\xED rizik a stanoven\xED po\u0159\
            ad\xED jejich d\u016Fle\u017Eitosti p\u0159\xEDslu\u0161n\xE9 subjekty\
            \ zohledn\xED v\xFDsledky posouzen\xED rizik, v\xFDsledky postupu pro\
            \ zhodnocen\xED \xFA\u010Dinnosti opat\u0159en\xED k \u0159\xEDzen\xED\
            \ kybernetick\xFDch bezpe\u010Dnostn\xEDch rizik, n\xE1klady na proveden\xED\
            \ ve vztahu k o\u010Dek\xE1van\xE9mu p\u0159\xEDnosu, klasifikaci aktiv\
            \ uvedenou v bod\u011B 12.1 a anal\xFDzu obchodn\xEDho dopadu uvedenou\
            \ v bod\u011B 4.1.3."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1.4
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.1
      ref_id: 2.1.4
      description: The relevant entities shall review and, where appropriate, update
        the risk assessment results and the risk treatment plan at planned intervals
        and at least annually, and when significant changes to operations or risks
        or significant incidents occur.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes revisar\xE1n y, cuando proceda,\
            \ actualizar\xE1n los resultados de la evaluaci\xF3n de riesgos y el plan\
            \ de tratamiento de riesgos a intervalos planificados y como m\xEDnimo\
            \ anualmente, as\xED como cuando se produzcan incidentes significativos\
            \ o cambios significativos en las operaciones o los riegos."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty v\xFDsledky posouzen\xED\
            \ rizik a pl\xE1n o\u0161et\u0159en\xED rizik p\u0159ezkoumaj\xED a v\
            \ p\u0159\xEDpad\u011B pot\u0159eby aktualizuj\xED v pl\xE1novan\xFDch\
            \ intervalech alespo\u0148 jednou ro\u010Dn\u011B a p\u0159i v\xFDskytu\
            \ v\xFDznamn\xFDch incident\u016F nebo v\xFDznamn\xFDch zm\u011Bn operac\xED\
            \ \u010Di rizik."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.2
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2
      ref_id: '2.2'
      name: Compliance monitoring
      translations:
        es:
          name: Control del cumplimiento
          description: null
        cs:
          name: "Sledov\xE1n\xED souladu"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.2.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.2
      ref_id: 2.2.1
      description: The relevant entities shall regularly review the compliance with
        their policies on network and information system security, topic-specific
        policies, rules, and standards. The management bodies shall be informed of
        the status of network and information security on the basis of the compliance
        reviews by means of regular reporting.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes revisar\xE1n peri\xF3dicamente el\
            \ cumplimiento de sus pol\xEDticas en materia de seguridad de los sistemas\
            \ de redes y de informaci\xF3n, pol\xEDticas espec\xEDficas, reglas y\
            \ normas. Los \xF3rganos de direcci\xF3n ser\xE1n informados, mediante\
            \ informes peri\xF3dicos, del estado de seguridad de las redes y la informaci\xF3\
            n a partir de las revisiones del cumplimiento."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty pravideln\u011B p\u0159\
            ezkoum\xE1vaj\xED dodr\u017Eov\xE1n\xED sv\xFDch politik bezpe\u010Dnosti\
            \ s\xEDt\xED a informa\u010Dn\xEDch syst\xE9m\u016F, tematicky zam\u011B\
            \u0159en\xFDch politik, pravidel a norem. \u0158\xEDd\xEDc\xED org\xE1\
            ny jsou informov\xE1ny o stavu bezpe\u010Dnosti s\xEDt\xED a informac\xED\
            \ na z\xE1klad\u011B p\u0159ezkum\u016F dodr\u017Eov\xE1n\xED souladu\
            \ prost\u0159ednictv\xEDm pravideln\xFDch zpr\xE1v."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.2.2
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.2
      ref_id: 2.2.2
      description: "The relevant entities shall put in place an effective compliance\
        \ reporting system which shall be appropriate to their structures, operating\
        \ environments and threat landscapes. The compliance reporting system shall\
        \ be capable to provide to the management bodies an informed view of the current\
        \ state of the relevant entities\u2019 management of risks."
      translations:
        es:
          name: null
          description: "Las entidades pertinentes pondr\xE1n en marcha un sistema\
            \ eficaz de notificaci\xF3n del cumplimiento que ser\xE1 adecuado a sus\
            \ estructuras, sus entornos operativos y su panorama de amenazas. El sistema\
            \ de notificaci\xF3n del cumplimiento podr\xE1 ofrecer a los \xF3rganos\
            \ de direcci\xF3n una visi\xF3n informada del estado en que se encuentre\
            \ la gesti\xF3n de riesgos de las entidades pertinentes."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty zavedou \xFA\u010Dinn\xFD\
            \ syst\xE9m pod\xE1v\xE1n\xED zpr\xE1v o dodr\u017Eov\xE1n\xED souladu,\
            \ kter\xFD bude odpov\xEDdat jejich struktu\u0159e, provozn\xEDmu prost\u0159\
            ed\xED a prost\u0159ed\xED hrozeb. Syst\xE9m pod\xE1v\xE1n\xED zpr\xE1\
            v o dodr\u017Eov\xE1n\xED souladu mus\xED b\xFDt schopen poskytovat \u0159\
            \xEDdic\xEDm org\xE1n\u016Fm informovan\xFD p\u0159ehled o aktu\xE1ln\xED\
            m stavu \u0159\xEDzen\xED rizik p\u0159\xEDslu\u0161n\xFDmi subjekty."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.2.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.2
      ref_id: 2.2.3
      description: The relevant entities shall perform the compliance monitoring at
        planned intervals and when significant incidents or significant changes to
        operations or risks occur.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes realizar\xE1n el control del cumplimiento\
            \ a intervalos planificados, as\xED como cuando se produzcan incidentes\
            \ significativos o cambios significativos en las operaciones o los riesgos."
        cs:
          name: null
          description: "\tP\u0159\xEDslu\u0161n\xE9 subjekty prov\xE1d\u011Bj\xED\
            \ sledov\xE1n\xED souladu v pl\xE1novan\xFDch intervalech a p\u0159i v\xFD\
            skytu v\xFDznamn\xFDch incident\u016F nebo v\xFDznamn\xFDch zm\u011Bn\
            \ operac\xED \u010Di rizik."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.3
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2
      ref_id: '2.3'
      name: Independent review of information and network security
      translations:
        es:
          name: "Revisi\xF3n independiente de la seguridad de la informaci\xF3n y\
            \ las redes"
          description: null
        cs:
          name: "Nez\xE1visl\xFD p\u0159ezkum bezpe\u010Dnosti informac\xED a s\xED\
            t\xED"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.3.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.3
      ref_id: 2.3.1
      description: The relevant entities shall review independently their approach
        to managing network and information system security and its implementation
        including people, processes and technologies.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes revisar\xE1n de forma independiente\
            \ su enfoque de gesti\xF3n de la seguridad de los sistemas de redes y\
            \ de informaci\xF3n y su aplicaci\xF3n, incluidas las personas, los procesos\
            \ y las tecnolog\xEDas."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty nez\xE1visle p\u0159ezkoum\xE1\
            vaj\xED sv\u016Fj p\u0159\xEDstup k \u0159\xEDzen\xED bezpe\u010Dnosti\
            \ s\xEDt\xED a informa\u010Dn\xEDch syst\xE9m\u016F a jeho prov\xE1d\u011B\
            n\xED, v\u010Detn\u011B lid\xED, proces\u016F a technologi\xED."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.3.2
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.3
      ref_id: 2.3.2
      description: The relevant entities shall develop and maintain processes to conduct
        independent reviews which shall be carried out by individuals with appropriate
        audit competence. Where the independent review is conducted by staff members
        of the relevant entity, the persons conducting the reviews shall not be in
        the line of authority of the personnel of the area under review. If the size
        of the relevant entities does not allow such separation of line of authority,
        the relevant entities shall put in place alternative measures to guarantee
        the impartiality of the reviews.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes desarrollar\xE1n y mantendr\xE1\
            n procedimientos para llevar a cabo revisiones independientes que ser\xE1\
            n ejecutados por personas con las debidas competencias en materia de auditor\xED\
            a. Cuando miembros del personal de la entidad pertinente realicen una\
            \ revisi\xF3n independiente, las personas encargadas de la misma no podr\xE1\
            n ejercer poder jer\xE1rquico sobre el personal de la zona objeto de la\
            \ revisi\xF3n. Si el tama\xF1o de la entidad pertinente no permite esta\
            \ separaci\xF3n del poder jer\xE1rquico, la entidad pondr\xE1 en marcha\
            \ medidas alternativas para garantizar la imparcialidad de las revisiones."
        cs:
          name: null
          description: "\tP\u0159\xEDslu\u0161n\xE9 subjekty vypracov\xE1vaj\xED a\
            \ spravuj\xED postupy pro prov\xE1d\u011Bn\xED nez\xE1visl\xFDch p\u0159\
            ezkum\u016F, kter\xE9 vykon\xE1vaj\xED osoby s pat\u0159i\u010Dnou kvalifikac\xED\
            \ pro audit. Pokud nez\xE1visl\xFD p\u0159ezkum vykon\xE1vaj\xED zam\u011B\
            stnanci p\u0159\xEDslu\u0161n\xE9ho subjektu, nesm\xED b\xFDt osoby prov\xE1\
            d\u011Bj\xEDc\xED p\u0159ezkumy pod\u0159\xEDzeny zam\u011Bstnanc\u016F\
            m p\u0159ezkoum\xE1van\xE9 oblasti. V p\u0159\xEDpad\u011B, \u017Ee velikost\
            \ p\u0159\xEDslu\u0161n\xFDch subjekt\u016F neumo\u017E\u0148uje takov\xE9\
            \ odd\u011Blen\xED pravomoc\xED, zavedou p\u0159\xEDslu\u0161n\xE9 subjekty\
            \ alternativn\xED opat\u0159en\xED, kter\xE1 zaru\u010D\xED nestrannost\
            \ p\u0159ezkum\u016F."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.3.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.3
      ref_id: 2.3.3
      description: "The results of the independent reviews, including the results\
        \ from the compliance monitoring pursuant to point 2.2. and the monitoring\
        \ and measurement pursuant to point 7, shall be reported to the management\
        \ bodies. Corrective actions shall be taken or residual risk accepted according\
        \ to the relevant entities\u2019 risk acceptance criteria."
      translations:
        es:
          name: null
          description: "Los resultados de las revisiones independientes, especialmente\
            \ los resultados del control del cumplimiento de conformidad con el punto\
            \ 2.2 y del control y la medici\xF3n con arreglo al punto 7, se notificar\xE1\
            n a los \xF3rganos de control. De acuerdo con los criterios de aceptaci\xF3\
            n del riesgo de las entidades pertinentes, se adoptar\xE1n medidas correctoras\
            \ o se aceptar\xE1 el riesgo residual."
        cs:
          name: null
          description: "V\xFDsledky nez\xE1visl\xFDch p\u0159ezkum\u016F, v\u010D\
            etn\u011B v\xFDsledk\u016F sledov\xE1n\xED souladu podle bodu 2.2 a monitorov\xE1\
            n\xED a m\u011B\u0159en\xED podle bodu 7, se oznamuj\xED \u0159\xEDd\xED\
            c\xEDm org\xE1n\u016Fm. P\u0159ijmou se n\xE1pravn\xE1 opat\u0159en\xED\
            \ nebo se akceptuje zbytkov\xE9 riziko podle krit\xE9ri\xED, kter\xE9\
            \ si p\u0159\xEDslu\u0161n\xE9 subjekty stanovily pro p\u0159ijatelnost\
            \ rizika."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.3.4
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:2.3
      ref_id: 2.3.4
      description: The independent reviews shall take place at planned intervals and
        when significant incidents or significant changes to operations or risks occur.
      translations:
        es:
          name: null
          description: "Las revisiones independientes tendr\xE1n lugar a intervalos\
            \ planificados, as\xED como cuando se produzcan incidentes significativos\
            \ o cambios significativos en las operaciones o los riesgos."
        cs:
          name: null
          description: "Nez\xE1visl\xE9 p\u0159ezkumy se prov\xE1d\u011Bj\xED v pl\xE1\
            novan\xFDch intervalech a p\u0159i v\xFDskytu v\xFDznamn\xFDch incident\u016F\
            \ nebo v\xFDznamn\xFDch zm\u011Bn operac\xED \u010Di rizik."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3
      assessable: false
      depth: 1
      ref_id: '3'
      name: INCIDENT HANDLING (ARTICLE 21(2), POINT (B), OF DIRECTIVE (EU) 2022/2555)
      translations:
        es:
          name: "GESTI\xD3N DE INCIDENTES [Art\xEDculo 21, Apartado 2, Letra B), de\
            \ la directiva (UE) 2022/2555]"
          description: null
        cs:
          name: "\u0158e\u0161en\xED incident\u016F (\u010Dl. 21 odst. 2 p\xEDsm.\
            \ b) sm\u011Brnice (EU) 2022/2555)"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.1
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3
      ref_id: '3.1'
      name: Incident handling policy
      translations:
        es:
          name: "Pol\xEDtica de gesti\xF3n de incidentes"
          description: null
        cs:
          name: "Politika \u0159e\u0161en\xED incident\u016F"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.1.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.1
      ref_id: 3.1.1
      description: For the purpose of Article 21(2), point (b) of Directive (EU) 2022/2555,
        the relevant entities shall establish and implement an incident handling policy
        laying down the roles, responsibilities, and procedures for detecting, analysing,
        containing or responding to, recovering from, documenting and reporting of
        incidents in a timely manner.
      translations:
        es:
          name: null
          description: "A los efectos del art\xEDculo 21, apartado 2, letra b), de\
            \ la Directiva (UE) 2022/2555, las entidades pertinentes elaborar\xE1\
            n y pondr\xE1n en marcha una pol\xEDtica de gesti\xF3n de incidentes por\
            \ la que se establezcan los roles, responsabilidades y procedimientos\
            \ para la detecci\xF3n, el an\xE1lisis, la contenci\xF3n y la gesti\xF3\
            n de los incidentes, as\xED como la posterior recuperaci\xF3n, documentaci\xF3\
            n y notificaci\xF3n de los mismos a su debido tiempo."
        cs:
          name: null
          description: "Pro \xFA\u010Dely \u010Dl. 21 odst. 2 p\xEDsm. b) sm\u011B\
            rnice (EU) 2022/2555 p\u0159\xEDslu\u0161n\xE9 subjekty vypracuj\xED a\
            \ zavedou politiku \u0159e\u0161en\xED incident\u016F, kter\xE1 stanov\xED\
            \ \xFAkoly, odpov\u011Bdnosti a postupy pro v\u010Dasn\xE9 odhalov\xE1\
            n\xED, anal\xFDzu a omezov\xE1n\xED incident\u016F nebo reagov\xE1n\xED\
            \ na n\u011B, obnovu po incidentech, dokumentov\xE1n\xED a oznamov\xE1\
            n\xED incident\u016F."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.1.2
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.1
      ref_id: 3.1.2
      description: 'The policy referred to in point 3.1.1 shall be coherent with the
        business continuity and disaster recovery plan referred to in point 4.1. The
        policy shall include:'
      translations:
        es:
          name: null
          description: "La pol\xEDtica prevista en el punto 3.1.1 ser\xE1 coherente\
            \ con el plan de continuidad de las actividades y de recuperaci\xF3n en\
            \ caso de cat\xE1strofe a que hace referencia el punto 4.1. La pol\xED\
            tica incluir\xE1:"
        cs:
          name: null
          description: "Politika uveden\xE1 v bod\u011B 3.1.1 mus\xED b\xFDt v souladu\
            \ s pl\xE1nem kontinuity provozu a pl\xE1nem pro obnovu po hav\xE1rii\
            \ uveden\xFDm v bod\u011B 4.1. Politika obsahuje:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.1.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.1.2
      ref_id: 3.1.2.a
      description: a categorisation system for incidents that is consistent with the
        event assessment and classification carried out pursuant to point 3.4.1.;
      translations:
        es:
          name: null
          description: "un sistema de clasificaci\xF3n de incidentes que sea coherente\
            \ con la evaluaci\xF3n y clasificaci\xF3n de sucesos realizada de conformidad\
            \ con el punto 3.4.1;"
        cs:
          name: null
          description: "syst\xE9m klasifikace incident\u016F, kter\xFD je v souladu\
            \ s hodnocen\xEDm a klasifikac\xED ud\xE1lost\xED proveden\xFDmi podle\
            \ bodu 3.4.1;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.1.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.1.2
      ref_id: 3.1.2.b
      description: effective communication plans including for escalation and reporting;
      translations:
        es:
          name: null
          description: "planes de comunicaci\xF3n eficaces, especialmente en lo relativo\
            \ a la activaci\xF3n de los niveles sucesivos de intervenci\xF3n y la\
            \ presentaci\xF3n de informes;"
        cs:
          name: null
          description: "\xFA\u010Dinn\xE9 komunika\u010Dn\xED pl\xE1ny, v\u010Detn\u011B\
            \ pl\xE1n\u016F pro eskalaci a pod\xE1v\xE1n\xED zpr\xE1v;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.1.2.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.1.2
      ref_id: 3.1.2.c
      description: assignment of roles to detect and appropriately respond to incidents
        to competent employees;
      translations:
        es:
          name: null
          description: "la asignaci\xF3n, a los empleados competentes, de roles para\
            \ detectar y gestionar adecuadamente los incidentes;"
        cs:
          name: null
          description: "p\u0159id\u011Blen\xED \xFAkol\u016F t\xFDkaj\xEDc\xEDch se\
            \ odhalov\xE1n\xED incident\u016F a vhodn\xE9 reakce na n\u011B kompetentn\xED\
            m zam\u011Bstnanc\u016Fm;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.1.2.d
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.1.2
      ref_id: 3.1.2.d
      description: documents to be used in the course of incident detection and response
        such as incident response manuals, escalation charts, contact lists and templates.
      translations:
        es:
          name: null
          description: "los documentos que han de utilizarse durante el proceso para\
            \ detectar y gestionar los incidentes, como, por ejemplo, manuales de\
            \ respuesta a incidentes, cuadros de activaci\xF3n por niveles, listas\
            \ de contactos y plantillas."
        cs:
          name: null
          description: "dokumenty, kter\xE9 se pou\u017E\xEDvaj\xED p\u0159i odhalov\xE1\
            n\xED incident\u016F a reakci na n\u011B, jako jsou p\u0159\xEDru\u010D\
            ky pro reakci na incidenty, eskala\u010Dn\xED matice, seznamy kontakt\u016F\
            \ a \u0161ablony."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.1.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.1
      ref_id: 3.1.3
      description: The roles, responsibilities and procedures laid down in the policy
        shall be tested and reviewed and, where appropriate, updated at planned intervals
        and after significant incidents or significant changes to operations or risks.
      translations:
        es:
          name: null
          description: "Los roles, responsabilidades y procedimientos establecidos\
            \ en la pol\xEDtica se probar\xE1n, revisar\xE1n y, cuando proceda, se\
            \ actualizar\xE1n a intervalos planificados, as\xED como cuando se produzcan\
            \ incidentes significativos o cambios significativos en las operaciones\
            \ o los riesgos."
        cs:
          name: null
          description: "\xDAkoly, odpov\u011Bdnosti a postupy stanoven\xE9 v politice\
            \ se testuj\xED, p\u0159ezkoum\xE1vaj\xED a v p\u0159\xEDpad\u011B pot\u0159\
            eby aktualizuj\xED v pl\xE1novan\xFDch intervalech a po v\xFDznamn\xFD\
            ch incidentech nebo v\xFDznamn\xFDch zm\u011Bn\xE1ch operac\xED \u010D\
            i rizik."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3
      ref_id: '3.2'
      name: Monitoring and logging
      translations:
        es:
          name: "Supervisi\xF3n y registro"
          description: null
        cs:
          name: "Monitorov\xE1n\xED a veden\xED protokol\u016F"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2
      ref_id: 3.2.1
      description: The relevant entities shall lay down procedures and use tools to
        monitor and log activities on their network and information systems to detect
        events that could be considered as incidents and respond accordingly to mitigate
        the impact.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes establecer\xE1n procedimientos y\
            \ utilizar\xE1n herramientas para supervisar y registrar las actividades\
            \ en sus sistemas de redes y de informaci\xF3n a fin de detectar sucesos\
            \ que puedan considerarse incidentes y dar una respuesta consecuente para\
            \ mitigar su impacto."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty stanov\xED postupy a pou\u017E\
            \xEDvaj\xED n\xE1stroje pro \u010Dinnosti v r\xE1mci monitorov\xE1n\xED\
            \ a veden\xED protokol\u016F ve sv\xFDch s\xEDt\xEDch a informa\u010D\
            n\xEDch syst\xE9mech s c\xEDlem odhalit ud\xE1losti, kter\xE9 by mohly\
            \ b\xFDt pova\u017Eov\xE1ny za incidenty, a odpov\xEDdaj\xEDc\xEDm zp\u016F\
            sobem na n\u011B reagovat, aby bylo mo\u017En\xE9 zm\xEDrnit dopad."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.2
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2
      ref_id: 3.2.2
      description: To the extent feasible, monitoring shall be automated and carried
        out either continuously or in periodic intervals, subject to business capabilities.
        The relevant entities shall implement their monitoring activities in a way
        which minimises false positives and false negatives.
      translations:
        es:
          name: null
          description: "En la medida de lo posible, la supervisi\xF3n se automatizar\xE1\
            \ y se llevar\xE1 a cabo bien de forma continua bien a intervalos peri\xF3\
            dicos, en funci\xF3n de las capacidades operativas. Las entidades pertinentes\
            \ pondr\xE1n en marcha sus actividades de seguimiento de manera que se\
            \ minimicen los falsos positivos y falsos negativos."
        cs:
          name: null
          description: "Monitorov\xE1n\xED mus\xED b\xFDt v provediteln\xE9m rozsahu\
            \ automatizovan\xE9 a v z\xE1vislosti na kapacit\xE1ch podniku prov\xE1\
            d\u011Bn\xE9 bu\u010F nep\u0159etr\u017Eit\u011B, nebo v pravideln\xFD\
            ch intervalech. P\u0159\xEDslu\u0161n\xE9 subjekty prov\xE1d\u011Bj\xED\
            \ sv\xE9 monitorovac\xED \u010Dinnosti zp\u016Fsobem, kter\xFD minimalizuje\
            \ fale\u0161n\u011B pozitivn\xED a fale\u0161n\u011B negativn\xED v\xFD\
            sledky."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2
      ref_id: 3.2.3
      description: 'Based on the procedures referred to in point 3.2.1., the relevant
        entities shall maintain, document, and review logs. The relevant entities
        shall establish a list of assets to be subject to logging based on the results
        of the risk assessment carried out pursuant to point 2.1. Where appropriate,
        logs shall include:'
      translations:
        es:
          name: null
          description: "A partir de los procedimientos contemplados en el punto 3.2.1,\
            \ las entidades pertinentes mantendr\xE1n, completar\xE1n y revisar\xE1\
            n sus registros. Las entidades pertinentes establecer\xE1n una lista de\
            \ los activos que deban registrarse teniendo en cuenta los resultados\
            \ de la evaluaci\xF3n de riesgos efectuada conforme al punto 2.1. Cuando\
            \ proceda, los registros incluir\xE1n informaci\xF3n sobre:"
        cs:
          name: null
          description: "Na z\xE1klad\u011B postup\u016F uveden\xFDch v bod\u011B 3.2.1\
            \ p\u0159\xEDslu\u0161n\xE9 subjekty vedou, dokumentuj\xED a p\u0159ezkoum\xE1\
            vaj\xED protokoly. P\u0159\xEDslu\u0161n\xE9 subjekty sestav\xED seznam\
            \ aktiv, o kter\xFDch maj\xED b\xFDt vedeny protokoly, na z\xE1klad\u011B\
            \ v\xFDsledk\u016F posouzen\xED rizik proveden\xE9ho podle bodu 2.1. Protokoly\
            \ mus\xED p\u0159\xEDpadn\u011B obsahovat:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3
      ref_id: 3.2.3.a
      description: relevant outbound and inbound network traffic;
      translations:
        es:
          name: null
          description: "el tr\xE1fico de entrada y salida de la red;"
        cs:
          name: null
          description: "p\u0159\xEDslu\u0161n\xFD odchoz\xED a p\u0159\xEDchoz\xED\
            \ s\xED\u0165ov\xFD provoz;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3
      ref_id: 3.2.3.b
      description: "creation, modification or deletion of users of the relevant entities\u2019\
        \ network and information systems and extension of the permissions;"
      translations:
        es:
          name: null
          description: "la creaci\xF3n, modificaci\xF3n o supresi\xF3n de usuarios\
            \ de los sistemas de redes y de informaci\xF3n de las entidades pertinentes\
            \ y la ampliaci\xF3n de los permisos;"
        cs:
          name: null
          description: "vytv\xE1\u0159en\xED, zm\u011Bny nebo odstra\u0148ov\xE1n\xED\
            \ u\u017Eivatel\u016F s\xEDt\xED a informa\u010Dn\xEDch syst\xE9m\u016F\
            \ p\u0159\xEDslu\u0161n\xFDch subjekt\u016F a roz\u0161i\u0159ov\xE1n\xED\
            \ opr\xE1vn\u011Bn\xED;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3
      ref_id: 3.2.3.c
      description: access to systems and applications;
      translations:
        es:
          name: null
          description: el acceso a los sistemas y aplicaciones;
        cs:
          name: null
          description: "p\u0159\xEDstup k syst\xE9m\u016Fm a aplikac\xEDm;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3.d
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3
      ref_id: 3.2.3.d
      description: authentication-related events;
      translations:
        es:
          name: null
          description: "los sucesos relacionados con la autenticaci\xF3n;"
        cs:
          name: null
          description: "ud\xE1losti souvisej\xEDc\xED s autentizac\xED;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3.e
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3
      ref_id: 3.2.3.e
      description: all privileged access to systems and applications, and activities
        performed by administrative accounts;
      translations:
        es:
          name: null
          description: "todo acceso privilegiado a los sistemas y aplicaciones, as\xED\
            \ como las actividades realizadas por las cuentas de administraci\xF3\
            n;"
        cs:
          name: null
          description: "ve\u0161ker\xFD administr\xE1torsk\xFD p\u0159\xEDstup k syst\xE9\
            m\u016Fm a aplikac\xEDm a \u010Dinnosti prov\xE1d\u011Bn\xE9 prost\u0159\
            ednictv\xEDm \xFA\u010Dt\u016F spr\xE1vce;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3.f
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3
      ref_id: 3.2.3.f
      description: access or changes to critical configuration and backup files;
      translations:
        es:
          name: null
          description: "el acceso a los archivos cr\xEDticos de configuraci\xF3n y\
            \ a las copias de seguridad y todo cambio en los mismos;"
        cs:
          name: null
          description: "p\u0159\xEDstup k d\u016Fle\u017Eit\xFDm konfigura\u010Dn\xED\
            m a z\xE1lo\u017En\xEDm soubor\u016Fm nebo jejich zm\u011Bny;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3.g
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3
      ref_id: 3.2.3.g
      description: event logs and logs from security tools, such as antivirus, intrusion
        detection systems or firewalls;
      translations:
        es:
          name: null
          description: "los registros de sucesos y los registros de las herramientas\
            \ de seguridad, como antivirus, sistemas de detecci\xF3n de intrusiones\
            \ o cortafuegos;"
        cs:
          name: null
          description: "protokoly ud\xE1lost\xED a protokoly z bezpe\u010Dnostn\xED\
            ch n\xE1stroj\u016F, jako jsou antivirov\xE9 programy, syst\xE9my detekce\
            \ naru\u0161en\xED nebo br\xE1ny firewall;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3.h
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3
      ref_id: 3.2.3.h
      description: use of system resources, as well as their performance;
      translations:
        es:
          name: null
          description: "el uso de los recursos del sistema, as\xED como su rendimiento;"
        cs:
          name: null
          description: "vyu\u017Eit\xED syst\xE9mov\xFDch prost\u0159edk\u016F a jejich\
            \ v\xFDkonnost;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3.i
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3
      ref_id: 3.2.3.i
      description: physical access to facilities;
      translations:
        es:
          name: null
          description: "el acceso f\xEDsico a las instalaciones;"
        cs:
          name: null
          description: "fyzick\xFD p\u0159\xEDstup k za\u0159\xEDzen\xEDm;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3.j
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3
      ref_id: 3.2.3.j
      description: access to and use of their network equipment and devices;
      translations:
        es:
          name: null
          description: "el acceso a los equipos y dispositivos de red y su utilizaci\xF3\
            n;"
        cs:
          name: null
          description: "p\u0159\xEDstup k jejich s\xED\u0165ov\xE9mu vybaven\xED a\
            \ za\u0159\xEDzen\xEDm a jejich pou\u017E\xEDv\xE1n\xED;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3.k
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3
      ref_id: 3.2.3.k
      description: activation, stopping and pausing of the various logs;
      translations:
        es:
          name: null
          description: "la activaci\xF3n, detenci\xF3n e interrupci\xF3n de los distintos\
            \ registros;"
        cs:
          name: null
          description: "aktivace, zastaven\xED a pozastaven\xED r\u016Fzn\xFDch protokol\u016F\
            ;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3.l
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.3
      ref_id: 3.2.3.l
      description: environmental events.
      translations:
        es:
          name: null
          description: los sucesos medioambientales.
        cs:
          name: null
          description: "environment\xE1ln\xED ud\xE1losti."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.4
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2
      ref_id: 3.2.4
      description: The logs shall be regularly reviewed for any unusual or unwanted
        trends. Where appropriate, the relevant entities shall lay down appropriate
        values for alarm thresholds. If the laid down values for alarm threshold are
        exceeded, an alarm shall be triggered, where appropriate, automatically. The
        relevant entities shall ensure that, in case of an alarm, a qualified and
        appropriate response is initiated in a timely manner.
      translations:
        es:
          name: null
          description: "Se revisar\xE1 peri\xF3dicamente la existencia de tendencias\
            \ inusuales o indeseadas en los registros. Cuando proceda, las entidades\
            \ pertinentes establecer\xE1n valores adecuados para los umbrales de alerta.\
            \ Cuando se superen los valores establecidos para los umbrales de alerta,\
            \ saltar\xE1 una alarma que ser\xE1, en su caso, autom\xE1tica. Las entidades\
            \ pertinentes se asegurar\xE1n de que, en las situaciones de alerta, se\
            \ adopte a su debido tiempo una respuesta cualificada y adecuada."
        cs:
          name: null
          description: "Protokoly se pravideln\u011B p\u0159ezkoum\xE1vaj\xED, zda\
            \ se v nich neobjevuj\xED neobvykl\xE9 nebo ne\u017E\xE1douc\xED trendy.\
            \ P\u0159\xEDslu\u0161n\xE9 subjekty v p\u0159\xEDpad\u011B pot\u0159\
            eby stanov\xED vhodn\xE9 hodnoty v\xFDstra\u017En\xFDch prah\u016F. Pokud\
            \ jsou p\u0159ekro\u010Deny stanoven\xE9 hodnoty v\xFDstra\u017En\xFD\
            ch prah\u016F, spust\xED se v p\u0159\xEDpad\u011B pot\u0159eby automaticky\
            \ alarm. P\u0159\xEDslu\u0161n\xE9 subjekty zajist\xED, aby v p\u0159\xED\
            pad\u011B spu\u0161t\u011Bn\xED alarmu byla v\u010Das zah\xE1jena kvalifikovan\xE1\
            \ a vhodn\xE1 reakce."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.5
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2
      ref_id: 3.2.5
      description: The relevant entities shall maintain and back up logs for a predefined
        period and shall protect them from unauthorised access or changes.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes mantendr\xE1n registros, de los\
            \ que har\xE1n copias de seguridad, durante un per\xEDodo predefinido,\
            \ y los proteger\xE1n contra el acceso o los cambios no autorizados."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty uchov\xE1vaj\xED a z\xE1\
            lohuj\xED protokoly po p\u0159edem stanovenou dobu a chr\xE1n\xED je p\u0159\
            ed neopr\xE1vn\u011Bn\xFDm p\u0159\xEDstupem nebo zm\u011Bnami."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.6
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2
      ref_id: 3.2.6
      description: To the extent feasible, the relevant entities shall ensure that
        all systems have synchronised time sources to be able to correlate logs between
        systems for event assessment. The relevant entities shall establish and keep
        a list of all assets that are being logged and ensure that monitoring and
        logging systems are redundant. The availability of the monitoring and logging
        systems shall be monitored independent of the systems they are monitoring.
      translations:
        es:
          name: null
          description: "En la medida de lo posible, las entidades pertinentes velar\xE1\
            n por que todos los sistemas dispongan de fuentes de informaci\xF3n temporal\
            \ sincronizadas para permitir la vinculaci\xF3n de registros entre sistemas\
            \ de cara a la evaluaci\xF3n de sucesos. Las entidades pertinentes establecer\xE1\
            n y mantendr\xE1n una lista de todos los activos que se registren y velar\xE1\
            n por que los sistemas de seguimiento y registro sean redundantes. La\
            \ disponibilidad de los sistemas de supervisi\xF3n y registro se controlar\xE1\
            \ con independencia de los sistemas que est\xE9n supervisando."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty v provediteln\xE9m rozsahu\
            \ zajist\xED, aby v\u0161echny syst\xE9my m\u011Bly synchronizovan\xE9\
            \ zdroje \u010Dasu, a aby tak bylo mo\u017En\xE9 propojovat protokoly\
            \ mezi syst\xE9my za \xFA\u010Delem vyhodnocen\xED ud\xE1losti. P\u0159\
            \xEDslu\u0161n\xE9 subjekty vytv\xE1\u0159ej\xED a vedou seznam v\u0161\
            ech aktiv, o kter\xFDch maj\xED b\xFDt vedeny protokoly, a zajist\xED\
            , aby syst\xE9my monitorov\xE1n\xED a veden\xED protokol\u016F byly redundantn\xED\
            . Dostupnost syst\xE9m\u016F monitorov\xE1n\xED a veden\xED protokol\u016F\
            \ se sleduje nez\xE1visle na syst\xE9mech, kter\xE9 monitoruj\xED."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2.7
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.2
      ref_id: 3.2.7
      description: The procedures as well as the list of assets that are being logged
        shall be reviewed and, where appropriate, updated at regular intervals and
        after significant incidents.
      translations:
        es:
          name: null
          description: "Tanto los procedimientos como la lista de activos que se registren\
            \ se revisar\xE1n y, cuando proceda, se actualizar\xE1n a intervalos regulares\
            \ y despu\xE9s de incidentes significativos."
        cs:
          name: null
          description: "Postupy i seznam aktiv, o kter\xFDch maj\xED b\xFDt vedeny\
            \ protokoly, se p\u0159ezkoum\xE1vaj\xED a v p\u0159\xEDpad\u011B pot\u0159\
            eby aktualizuj\xED pravideln\u011B a po v\xFDznamn\xFDch incidentech."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.3
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3
      ref_id: '3.3'
      name: Event reporting
      translations:
        es:
          name: "Notificaci\xF3n de sucesos"
          description: null
        cs:
          name: "Oznamov\xE1n\xED ud\xE1lost\xED"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.3.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.3
      ref_id: 3.3.1
      description: The relevant entities shall put in place a simple mechanism allowing
        their employees, suppliers, and customers to report suspicious events.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes pondr\xE1n en marcha un mecanismo\
            \ sencillo que permita a sus empleados, proveedores y clientes notificar\
            \ los sucesos sospechosos."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty zavedou jednoduch\xFD mechanismus,\
            \ kter\xFD umo\u017En\xED jejich zam\u011Bstnanc\u016Fm, dodavatel\u016F\
            m a z\xE1kazn\xEDk\u016Fm oznamovat podez\u0159el\xE9 ud\xE1losti."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.3.2
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.3
      ref_id: 3.3.2
      description: The relevant entities shall, where appropriate, communicate the
        event reporting mechanism to their suppliers and customers, and shall regularly
        train their employees how to use the mechanism.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes informar\xE1n, cuando proceda, del\
            \ mecanismo de notificaci\xF3n de sucesos a sus proveedores y clientes,\
            \ y formar\xE1n peri\xF3dicamente a sus empleados en el uso del mismo."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty v p\u0159\xEDpad\u011B\
            \ pot\u0159eby informuj\xED sv\xE9 dodavatele a z\xE1kazn\xEDky o mechanismu\
            \ pro oznamov\xE1n\xED ud\xE1lost\xED a pravideln\u011B \u0161kol\xED\
            \ sv\xE9 zam\u011Bstnance, jak tento mechanismus pou\u017E\xEDvat."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.4
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3
      ref_id: '3.4'
      name: Event assessment and classification
      translations:
        es:
          name: "Evaluaci\xF3n y clasificaci\xF3n de sucesos"
          description: null
        cs:
          name: "Hodnocen\xED a klasifikace ud\xE1lost\xED"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.4.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.4
      ref_id: 3.4.1
      description: The relevant entities shall assess suspicious events to determine
        whether they constitute incidents and, if so, determine their nature and severity.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes evaluar\xE1n los sucesos sospechosos\
            \ para determinar si constituyen incidentes y, en su caso, esclarecer\
            \ su naturaleza y gravedad."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty posoud\xED podez\u0159\
            el\xE9 ud\xE1losti, aby ur\u010Dily, zda se jedn\xE1 o incidenty, a pokud\
            \ ano, ur\u010D\xED jejich povahu a z\xE1va\u017Enost."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.4.2
      assessable: false
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.4
      ref_id: 3.4.2
      description: 'For the purpose of point 3.4.1, the relevant entities shall act
        in the following manner:'
      translations:
        es:
          name: null
          description: "A los efectos del punto 3.4.1, las entidades pertinentes realizar\xE1\
            n las acciones siguientes:"
        cs:
          name: null
          description: "Pro \xFA\u010Dely bodu 3.4.1 postupuj\xED p\u0159\xEDslu\u0161\
            n\xE9 subjekty takto:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.4.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.4.2
      ref_id: 3.4.2.a
      description: carry out the assessment based on predefined criteria laid down
        in advance, and on a triage to determine prioritisation of incident containment
        and eradication;
      translations:
        es:
          name: null
          description: "una evaluaci\xF3n basada en criterios predefinidos fijados\
            \ de antemano y en una clasificaci\xF3n que establezca las prioridades\
            \ de contenci\xF3n y erradicaci\xF3n de incidentes;"
        cs:
          name: null
          description: "proveden\xED hodnocen\xED na z\xE1klad\u011B p\u0159edem stanoven\xFD\
            ch krit\xE9ri\xED a na z\xE1klad\u011B rozt\u0159\xEDd\u011Bn\xED s c\xED\
            lem ur\u010Dit priority, pokud jde o zamezen\xED \u0161\xED\u0159en\xED\
            \ incidentu a jeho odstran\u011Bn\xED;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.4.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.4.2
      ref_id: 3.4.2.b
      description: assess the existence of recurring incidents as referred to in Article
        4 of this Regulation on a quarterly basis;
      translations:
        es:
          name: null
          description: "la evaluaci\xF3n trimestral de la existencia de incidentes\
            \ recurrentes tal como contempla el art\xEDculo 4 del presente Reglamento;"
        cs:
          name: null
          description: "zhodnocen\xED existence opakuj\xEDc\xEDch se incident\u016F\
            \ podle \u010Dl\xE1nku 4 tohoto na\u0159\xEDzen\xED jednou za \u010Dtvrtlet\xED\
            ;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.4.2.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.4.2
      ref_id: 3.4.2.c
      description: review the appropriate logs for the purposes of event assessment
        and classification;
      translations:
        es:
          name: null
          description: "la revisi\xF3n de los registros adecuados a efectos de la\
            \ evaluaci\xF3n y clasificaci\xF3n de los sucesos;"
        cs:
          name: null
          description: "p\u0159ezkoum\xE1n\xED p\u0159\xEDslu\u0161n\xFDch protokol\u016F\
            \ pro \xFA\u010Dely hodnocen\xED a klasifikace ud\xE1lost\xED;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.4.2.d
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.4.2
      ref_id: 3.4.2.d
      description: put in place a process for log correlation and analysis, and
      translations:
        es:
          name: null
          description: "la puesta en marcha de un procedimiento para vincular los\
            \ registros y el an\xE1lisis;"
        cs:
          name: null
          description: "zaveden\xED postupu pro propojen\xED a anal\xFDzu protokol\u016F\
            \ a"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.4.2.e
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.4.2
      ref_id: 3.4.2.e
      description: reassess and reclassify events in case of new information becoming
        available or after analysis of previously available information.
      translations:
        es:
          name: null
          description: "y la reevaluaci\xF3n y reclasificaci\xF3n de los sucesos cuando\
            \ se disponga de nueva informaci\xF3n o tras analizar la informaci\xF3\
            n disponible previamente."
        cs:
          name: null
          description: "p\u0159ehodnocen\xED a p\u0159eklasifikov\xE1n\xED ud\xE1\
            lost\xED v p\u0159\xEDpad\u011B, \u017Ee se objev\xED nov\xE9 informace,\
            \ nebo po anal\xFDze d\u0159\xEDve dostupn\xFDch informac\xED."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3
      ref_id: '3.5'
      name: Incident response
      translations:
        es:
          name: Respuesta ante incidentes
          description: null
        cs:
          name: Reakce na incident
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5
      ref_id: 3.5.1
      description: The relevant entities shall respond to incidents in accordance
        with documented procedures and in a timely manner.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes responder\xE1n a los incidentes\
            \ a su debido tiempo y de conformidad con procedimientos documentados."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty reaguj\xED na incidenty\
            \ v\u010Das a v souladu se zdokumentovan\xFDmi postupy."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5.2
      assessable: false
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5
      ref_id: 3.5.2
      description: 'The incident response procedures shall include the following stages:'
      translations:
        es:
          name: null
          description: "Los procedimientos de respuesta ante los incidentes incluir\xE1\
            n las siguientes fases:"
        cs:
          name: null
          description: "Postupy reakce na incident zahrnuj\xED tyto f\xE1ze:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5.2
      ref_id: 3.5.2.a
      description: incident containment, to prevent the consequences of the incident
        from spreading;
      translations:
        es:
          name: null
          description: "contenci\xF3n del incidente, para evitar las consecuencias\
            \ de que se propague;"
        cs:
          name: null
          description: "zamezen\xED \u0161\xED\u0159en\xED incidentu s c\xEDlem p\u0159\
            edej\xEDt d\u016Fsledk\u016Fm incidentu zp\u016Fsoben\xFDm jeho roz\u0161\
            \xED\u0159en\xEDm;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5.2
      ref_id: 3.5.2.b
      description: eradication, to prevent the incident from continuing or reappearing,
      translations:
        es:
          name: null
          description: "erradicaci\xF3n, para evitar que el incidente contin\xFAe\
            \ o reaparezca;"
        cs:
          name: null
          description: "odstran\u011Bn\xED incidentu, aby se zabr\xE1nilo jeho pokra\u010D\
            ov\xE1n\xED nebo op\u011Btovn\xE9mu v\xFDskytu;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5.2.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5.2
      ref_id: 3.5.2.c
      description: recovery from the incident, where necessary.
      translations:
        es:
          name: null
          description: "recuperaci\xF3n tras el incidente, cuando se requiera."
        cs:
          name: null
          description: "p\u0159\xEDpadn\u011B obnova po incidentu."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5
      ref_id: 3.5.3
      description: 'The relevant entities shall establish communication plans and
        procedures:'
      translations:
        es:
          name: null
          description: "Las entidades pertinentes establecer\xE1n procedimientos y\
            \ planes de comunicaci\xF3n:"
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty stanov\xED komunika\u010D\
            n\xED pl\xE1ny a postupy:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5.3.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5.3
      ref_id: 3.5.3.a
      description: with the Computer Security Incident Response Teams (CSIRTs) or,
        where applicable, the competent authorities, related to incident notification;
      translations:
        es:
          name: null
          description: "con los equipos de respuesta ante incidentes de seguridad\
            \ inform\xE1tica (CSIRT) o, cuando proceda, las autoridades competentes,\
            \ en materia de notificaci\xF3n de incidentes;"
        cs:
          name: null
          description: "s t\xFDmy pro reakce na po\u010D\xEDta\u010Dov\xE9 bezpe\u010D\
            nostn\xED incidenty (CSIRT) nebo v p\u0159\xEDslu\u0161n\xFDch p\u0159\
            \xEDpadech s p\u0159\xEDslu\u0161n\xFDmi org\xE1ny v souvislosti s oznamov\xE1\
            n\xEDm incident\u016F;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5.3.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5.3
      ref_id: 3.5.3.b
      description: for communication among staff members of the relevant entity, and
        for communication with relevant stakeholders external to the relevant entity.
      translations:
        es:
          name: null
          description: "para la comunicaci\xF3n entre los miembros del personal de\
            \ la entidad pertinente, y para la comunicaci\xF3n con las partes interesadas\
            \ ajenas a la entidad."
        cs:
          name: null
          description: "pro komunikaci mezi zam\u011Bstnanci p\u0159\xEDslu\u0161\
            n\xE9ho subjektu a pro komunikaci s p\u0159\xEDslu\u0161n\xFDmi z\xFA\u010D\
            astn\u011Bn\xFDmi stranami mimo subjekt."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5.4
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5
      ref_id: 3.5.4
      description: The relevant entities shall log incident response activities in
        accordance with the procedures referred to in point 3.2.1., and record evidence.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes registrar\xE1n tanto las actividades\
            \ de respuesta ante incidentes de conformidad con los procedimientos contemplados\
            \ en el punto 3.2.1 como las pruebas correspondientes."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty vedou protokoly o \u010D\
            innostech v r\xE1mce reakce na incident v souladu s postupy uveden\xFD\
            mi v bod\u011B 3.2.1 a zaznamen\xE1vaj\xED d\u016Fkazy."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5.5
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.5
      ref_id: 3.5.5
      description: The relevant entities shall test at planned intervals their incident
        response procedures.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes probar\xE1n a intervalos planificados\
            \ sus procedimientos de respuesta ante los incidentes."
        cs:
          name: null
          description: "\tP\u0159\xEDslu\u0161n\xE9 subjekty v pl\xE1novan\xFDch intervalech\
            \ testuj\xED sv\xE9 postupy reakce na incidenty."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.6
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3
      ref_id: '3.6'
      name: Post-incident reviews
      translations:
        es:
          name: Revisiones posteriores al incidente
          description: null
        cs:
          name: "P\u0159ezkumy po incidentu"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.6.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.6
      ref_id: 3.6.1
      description: Where appropriate, the relevant entities shall carry out post-incident
        reviews after recovery from incidents. The post-incident reviews shall identify,
        where possible, the root cause of the incident and result in documented lessons
        learned to reduce the occurrence and consequences of future incidents.
      translations:
        es:
          name: null
          description: "Cuando proceda, y una vez se hayan recuperado del incidente,\
            \ las entidades pertinentes llevar\xE1n a cabo revisiones posteriores\
            \ al mismo. Las revisiones posteriores al incidente identificar\xE1n,\
            \ cuando se pueda, la causa subyacente y se traducir\xE1n en conclusiones\
            \ documentadas para reducir la ocurrencia y las consecuencias de futuros\
            \ incidentes."
        cs:
          name: null
          description: "\tV p\u0159\xEDpad\u011B pot\u0159eby p\u0159\xEDslu\u0161\
            n\xE9 subjekty prov\xE1d\u011Bj\xED po obnov\u011B p\u0159ezkumy po incidentu.\
            \ P\u0159ezkumy po incidentu mus\xED pokud mo\u017Eno identifikovat hlavn\xED\
            \ p\u0159\xED\u010Dinu incidentu a v\xE9st ke zdokumentov\xE1n\xED z\xED\
            skan\xFDch zku\u0161enost\xED s c\xEDlem omezit v\xFDskyt a n\xE1sledky\
            \ incident\u016F v budoucnu."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.6.2
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.6
      ref_id: 3.6.2
      description: The relevant entities shall ensure that post-incident reviews contribute
        to improving their approach to network and information security, to risk treatment
        measures, and to incident handling, detection and response procedures.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes velar\xE1n por que las revisiones\
            \ posteriores a los incidentes contribuyan a mejorar su enfoque en materia\
            \ de seguridad de las redes y de la informaci\xF3n, de medidas de tratamiento\
            \ de riesgos y de procedimientos de gesti\xF3n, detecci\xF3n y respuesta\
            \ ante incidentes."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty zajist\xED, aby p\u0159\
            ezkumy po incidentu p\u0159isp\u011Bly ke zlep\u0161en\xED jejich p\u0159\
            \xEDstupu k bezpe\u010Dnosti s\xEDt\xED a informac\xED, k opat\u0159en\xED\
            m pro o\u0161et\u0159en\xED rizik a k postup\u016Fm pro \u0159e\u0161\
            en\xED a odhalov\xE1n\xED incident\u016F a reakci na n\u011B."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.6.3
      assessable: false
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:3.6
      ref_id: 3.6.3
      description: The relevant entities shall review at planned intervals if incidents
        led to post-incident reviews.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes comprobar\xE1n a intervalos planificados\
            \ si los incidentes condujeron a revisiones posteriores al incidente."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty v pl\xE1novan\xFDch intervalech\
            \ p\u0159ezkoum\xE1vaj\xED, zda incidenty vedly k p\u0159ezkumu po incidentu."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4
      assessable: false
      depth: 1
      ref_id: '4'
      name: BUSINESS CONTINUITY AND CRISIS MANAGEMENT (ARTICLE 21(2), POINT (C), OF
        DIRECTIVE (EU) 2022/2555)
      translations:
        es:
          name: "CONTINUIDAD DE LAS ACTIVIDADES Y GESTI\xD3N DE LAS CRISIS [Art\xED\
            culo 21, Apartado 2, Letra C), de la directiva (UE) 2022/2555]"
          description: null
        cs:
          name: "Kontinuita podnik\xE1n\xED a krizov\xE9 \u0159\xEDzen\xED (\u010D\
            l. 21 odst. 2 p\xEDsm. c) sm\u011Brnice (EU) 2022/2555)"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4
      ref_id: '4.1'
      name: Business continuity and disaster recovery plan
      translations:
        es:
          name: "Plan de continuidad de las actividades y de recuperaci\xF3n en caso\
            \ de cat\xE1strofe"
          description: null
        cs:
          name: "Pl\xE1n kontinuity provozu a obnovy provozu po hav\xE1rii"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1
      ref_id: 4.1.1
      description: For the purpose of Article 21(2), point (c) of Directive (EU) 2022/2555,
        the relevant entities shall lay down and maintain a business continuity and
        disaster recovery plan to apply in the case of incidents.
      translations:
        es:
          name: null
          description: "A efectos del art\xEDculo 21, apartado 2, letra c), de la\
            \ Directiva (UE) 2022/2555, las entidades pertinentes establecer\xE1n\
            \ y mantendr\xE1n un plan de continuidad de las actividades y de recuperaci\xF3\
            n en caso de cat\xE1strofe que pondr\xE1n en marcha si se producen incidentes."
        cs:
          name: null
          description: "Pro \xFA\u010Dely \u010Dl. 21 odst. 2 p\xEDsm. c) sm\u011B\
            rnice (EU) 2022/2555 p\u0159\xEDslu\u0161n\xE9 subjekty stanov\xED a udr\u017E\
            uj\xED pl\xE1n kontinuity provozu a obnovy provozu po hav\xE1rii, kter\xFD\
            \ se pou\u017Eije v p\u0159\xEDpad\u011B incident\u016F."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1
      ref_id: 4.1.2
      description: "The relevant entities\u2019 operations shall be restored according\
        \ to the business continuity and disaster recovery plan. The plan shall be\
        \ based on the results of the risk assessment carried out pursuant to point\
        \ 2.1 and shall include, where appropriate, the following:"
      translations:
        es:
          name: null
          description: "Las operaciones de las entidades pertinentes se restablecer\xE1\
            n de acuerdo con el plan de continuidad de las actividades y de recuperaci\xF3\
            n en caso de cat\xE1strofe. El plan se basar\xE1 en los resultados de\
            \ la evaluaci\xF3n de riesgos realizada con arreglo al punto 2.1 e incluir\xE1\
            , seg\xFAn proceda, lo siguiente:"
        cs:
          name: null
          description: "\tProvoz p\u0159\xEDslu\u0161n\xFDch subjekt\u016F se obnov\xED\
            \ v souladu s pl\xE1nem kontinuity provozu a obnovy provozu po hav\xE1\
            rii. Pl\xE1n se zakl\xE1d\xE1 na v\xFDsledc\xEDch posouzen\xED rizik proveden\xE9\
            ho podle bodu 2.1 a obsahuje v p\u0159\xEDpad\u011B pot\u0159eby tyto\
            \ \xFAdaje:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2
      ref_id: 4.1.2.a
      description: purpose, scope and audience;
      translations:
        es:
          name: null
          description: "objetivos, \xE1mbito de aplicaci\xF3n y p\xFAblico destinatario;"
        cs:
          name: null
          description: "\xFA\u010Del, oblast p\u016Fsobnosti a c\xEDlov\xE1 skupina;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2
      ref_id: 4.1.2.b
      description: roles and responsibilities;
      translations:
        es:
          name: null
          description: roles y responsabilidades;
        cs:
          name: null
          description: "\xFAkoly a povinnosti;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2
      ref_id: 4.1.2.c
      description: key contacts and (internal and external) communication channels;
      translations:
        es:
          name: null
          description: "contactos clave y canales de comunicaci\xF3n (internos y externos);"
        cs:
          name: null
          description: "hlavn\xED kontaktn\xED osoby a (intern\xED a extern\xED) komunika\u010D\
            n\xED kan\xE1ly;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2.d
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2
      ref_id: 4.1.2.d
      description: conditions for plan activation and deactivation;
      translations:
        es:
          name: null
          description: "condiciones de activaci\xF3n y desactivaci\xF3n del plan;"
        cs:
          name: null
          description: "podm\xEDnky pro aktivaci a deaktivaci pl\xE1nu;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2.e
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2
      ref_id: 4.1.2.e
      description: order of recovery for operations;
      translations:
        es:
          name: null
          description: "orden de recuperaci\xF3n de las operaciones;"
        cs:
          name: null
          description: postup obnovy pro operace;
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2.f
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2
      ref_id: 4.1.2.f
      description: recovery plans for specific operations, including recovery objectives;
      translations:
        es:
          name: null
          description: "planes de recuperaci\xF3n de operaciones espec\xEDficas, incluidos\
            \ los objetivos de recuperaci\xF3n;"
        cs:
          name: null
          description: "pl\xE1ny obnovy pro konkr\xE9tn\xED operace, v\u010Detn\u011B\
            \ c\xEDl\u016F obnovy;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2.g
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2
      ref_id: 4.1.2.g
      description: required resources, including backups and redundancies;
      translations:
        es:
          name: null
          description: recursos necesarios, incluidas las copias de seguridad y las
            redundancias;
        cs:
          name: null
          description: "po\u017Eadovan\xE9 zdroje, v\u010Detn\u011B z\xE1loh a redundanc\xED\
            ;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2.h
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.2
      ref_id: 4.1.2.h
      description: restoring and resuming activities from temporary measures.
      translations:
        es:
          name: null
          description: "restablecimiento y reanudaci\xF3n de las actividades a partir\
            \ de medidas temporales."
        cs:
          name: null
          description: "obnoven\xED \u010Dinnost\xED po do\u010Dasn\xFDch opat\u0159\
            en\xEDch a pokra\u010Dov\xE1n\xED v t\u011Bchto \u010Dinnostech."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1
      ref_id: 4.1.3
      description: The relevant entities shall carry out a business impact analysis
        to assess the potential impact of severe disruptions to their business operations
        and shall, based on the results of the business impact analysis, establish
        continuity requirements for the network and information systems.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes realizar\xE1n un an\xE1lisis de\
            \ impacto operativo para evaluar el posible impacto de las perturbaciones\
            \ graves en sus operaciones y establecer\xE1n, a partir de los resultados\
            \ de dicho an\xE1lisis, requisitos de continuidad para los sistemas de\
            \ redes y de informaci\xF3n."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty provedou anal\xFDzu obchodn\xED\
            ho dopadu, aby posoudily potenci\xE1ln\xED dopady z\xE1va\u017En\xFDch\
            \ naru\u0161en\xED na jejich obchodn\xED operace, a na z\xE1klad\u011B\
            \ v\xFDsledk\u016F anal\xFDzy obchodn\xEDho dopadu stanov\xED po\u017E\
            adavky na zachov\xE1n\xED provozu pro s\xEDt\u011B a informa\u010Dn\xED\
            \ syst\xE9my."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1.4
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.1
      ref_id: 4.1.4
      description: The business continuity plan and disaster recovery plan shall be
        tested, reviewed and, where appropriate, updated at planned intervals and
        following significant incidents or significant changes to operations or risks.
        The relevant entities shall ensure that the plans incorporate lessons learnt
        from such tests.
      translations:
        es:
          name: null
          description: "El plan de continuidad de las actividades y el plan de recuperaci\xF3\
            n en caso de cat\xE1strofe se probar\xE1n, revisar\xE1n y, cuando proceda,\
            \ se actualizar\xE1n a intervalos planificados o tras incidentes significativos\
            \ o cambios significativos en las operaciones o los riesgos. Las entidades\
            \ pertinentes velar\xE1n por que dichos planes engloben las conclusiones\
            \ extra\xEDdas en las pruebas."
        cs:
          name: null
          description: "\tPl\xE1n kontinuity provozu a obnovy provozu po hav\xE1rii\
            \ se testuje, p\u0159ezkoum\xE1v\xE1 a v p\u0159\xEDpad\u011B pot\u0159\
            eby aktualizuje v pl\xE1novan\xFDch intervalech a po v\xFDznamn\xFDch\
            \ incidentech nebo v\xFDznamn\xFDch zm\u011Bn\xE1ch operac\xED nebo rizik.\
            \ P\u0159\xEDslu\u0161n\xE9 subjekty zajist\xED, aby pl\xE1ny zohled\u0148\
            ovaly poznatky z\xEDskan\xE9 z t\u011Bchto test\u016F."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4
      ref_id: '4.2'
      name: Backup and redundancy management
      translations:
        es:
          name: "Gesti\xF3n de las copias de seguridad y las redundancias"
          description: null
        cs:
          name: "Spr\xE1va z\xE1lohov\xE1n\xED a redundance"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2
      ref_id: 4.2.1
      description: The relevant entities shall maintain backup copies of data and
        provide sufficient available resources, including facilities, network and
        information systems and staff, to ensure an appropriate level of redundancy.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes mantendr\xE1n copias de seguridad\
            \ de los datos y pondr\xE1n a disposici\xF3n recursos suficientes, como\
            \ instalaciones, sistemas de redes y de informaci\xF3n y personal, para\
            \ velar por un nivel de redundancia adecuado."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty uchov\xE1vaj\xED z\xE1\
            lo\u017En\xED kopie \xFAdaj\u016F a poskytuj\xED dostate\u010Dn\xE9 dostupn\xE9\
            \ zdroje, v\u010Detn\u011B za\u0159\xEDzen\xED, s\xEDt\xED a informa\u010D\
            n\xEDch syst\xE9m\u016F a zam\u011Bstnanc\u016F, aby zajistily odpov\xED\
            daj\xEDc\xED \xFArove\u0148 redundance."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.2
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2
      ref_id: 4.2.2
      description: 'Based on the results of the risk assessment carried out pursuant
        to point 2.1 and the business continuity plan, the relevant entities shall
        lay down backup plans which include the following:'
      translations:
        es:
          name: null
          description: "A partir de los resultados de la evaluaci\xF3n de riesgos\
            \ realizada seg\xFAn el punto 2.1 y el plan de continuidad de las actividades,\
            \ las entidades pertinentes establecer\xE1n planes de copia de seguridad\
            \ que incluir\xE1n lo siguiente:"
        cs:
          name: null
          description: "Na z\xE1klad\u011B v\xFDsledk\u016F posouzen\xED rizik proveden\xE9\
            ho podle bodu 2.1 a pl\xE1nu kontinuity provozu stanov\xED p\u0159\xED\
            slu\u0161n\xE9 subjekty pl\xE1ny z\xE1lohov\xE1n\xED, kter\xE9 obsahuj\xED\
            \ tyto skute\u010Dnosti:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.2
      ref_id: 4.2.2.a
      description: recovery times;
      translations:
        es:
          name: null
          description: "plazos de recuperaci\xF3n;"
        cs:
          name: null
          description: doby obnovy;
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.2
      ref_id: 4.2.2.b
      description: assurance that backup copies are complete and accurate, including
        configuration data and data stored in cloud computing service environment;
      translations:
        es:
          name: null
          description: "garant\xEDas de que las copias de seguridad sean completas\
            \ y precisas, especialmente los datos de configuraci\xF3n y la informaci\xF3\
            n almacenada en el entorno de proveedores de servicios de computaci\xF3\
            n en nube;"
        cs:
          name: null
          description: "uji\u0161t\u011Bn\xED, \u017Ee z\xE1lo\u017En\xED kopie jsou\
            \ \xFApln\xE9 a spr\xE1vn\xE9, v\u010Detn\u011B konfigura\u010Dn\xEDch\
            \ dat a \xFAdaj\u016F ulo\u017Een\xFDch v prost\u0159ed\xED slu\u017E\
            by cloud computingu;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.2.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.2
      ref_id: 4.2.2.c
      description: storing backup copies (online or offline) in a safe location or
        locations, which are not in the same network as the system, and are at sufficient
        distance to escape any damage from a disaster at the main site;
      translations:
        es:
          name: null
          description: "almacenamiento de copias de seguridad (en l\xEDnea o fuera\
            \ de l\xEDnea) en uno o varios lugares seguros, que no est\xE9n en la\
            \ misma red que el sistema y que est\xE9n a una distancia suficiente para\
            \ escapar de cualquier da\xF1o provocado por una cat\xE1strofe en el emplazamiento\
            \ principal;"
        cs:
          name: null
          description: "ulo\u017Een\xED z\xE1lo\u017En\xEDch kopi\xED (online nebo\
            \ offline) na bezpe\u010Dn\xE9m m\xEDst\u011B nebo m\xEDstech, kter\xE1\
            \ nejsou ve stejn\xE9 s\xEDti jako syst\xE9m a jsou v dostate\u010Dn\xE9\
            \ vzd\xE1lenosti, aby nedo\u0161lo k po\u0161kozen\xED v p\u0159\xEDpad\u011B\
            \ hav\xE1rie v hlavn\xED provozovn\u011B;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.2.d
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.2
      ref_id: 4.2.2.d
      description: appropriate physical and logical access controls to backup copies,
        in accordance with the asset classification level;
      translations:
        es:
          name: null
          description: "controles adecuados de acceso l\xF3gico y f\xEDsico a las\
            \ copias de seguridad, de conformidad con el nivel de clasificaci\xF3\
            n de activos;"
        cs:
          name: null
          description: "vhodn\xE9 kontroly fyzick\xE9ho a logick\xE9ho p\u0159\xED\
            stupu k z\xE1lo\u017En\xEDm kopi\xEDm v souladu se stupn\u011Bm utajen\xED\
            \ dat;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.2.e
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.2
      ref_id: 4.2.2.e
      description: restoring data from backup copies;
      translations:
        es:
          name: null
          description: "recuperaci\xF3n de datos de las copias de seguridad;"
        cs:
          name: null
          description: "obnoven\xED \xFAdaj\u016F ze z\xE1lo\u017En\xEDch kopi\xED\
            ;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.2.f
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.2
      ref_id: 4.2.2.f
      description: retention periods based on business and regulatory requirements.
      translations:
        es:
          name: null
          description: "plazos de conservaci\xF3n sustentados en los requisitos operativos\
            \ y reglamentarios."
        cs:
          name: null
          description: "doby uchov\xE1v\xE1n\xED na z\xE1klad\u011B obchodn\xEDch\
            \ a regula\u010Dn\xEDch po\u017Eadavk\u016F."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2
      ref_id: 4.2.3
      description: The relevant entities shall perform regular integrity checks on
        the backup copies.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes verificar\xE1n regularmente la integridad\
            \ de las copias de seguridad."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty prov\xE1d\u011Bj\xED pravideln\xE9\
            \ kontroly integrity z\xE1lo\u017En\xEDch kopi\xED."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.4
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2
      ref_id: 4.2.4
      description: 'Based on the results of the risk assessment carried out pursuant
        to point 2.1 and the business continuity plan, the relevant entities shall
        ensure sufficient availability of resources by at least partial redundancy
        of the following:'
      translations:
        es:
          name: null
          description: "A partir de los resultados de la evaluaci\xF3n de riesgos\
            \ realizada con arreglo al punto 2.1 y el plan de continuidad de las actividades,\
            \ las entidades pertinentes garantizar\xE1n una disponibilidad suficiente\
            \ de los recursos mediante, como m\xEDnimo, la redundancia parcial de\
            \ lo siguiente:"
        cs:
          name: null
          description: "Na z\xE1klad\u011B v\xFDsledk\u016F posouzen\xED rizik proveden\xE9\
            ho podle bodu 2.1 a pl\xE1nu kontinuity provozu zajist\xED p\u0159\xED\
            slu\u0161n\xE9 subjekty dostate\u010Dnou dostupnost zdroj\u016F alespo\u0148\
            \ \u010D\xE1ste\u010Dnou redundanc\xED t\u011Bchto zdroj\u016F:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.4.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.4
      ref_id: 4.2.4.a
      description: network and information systems;
      translations:
        es:
          name: null
          description: "los sistemas de redes y de informaci\xF3n;"
        cs:
          name: null
          description: "s\xEDt\u011B a informa\u010Dn\xED syst\xE9my;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.4.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.4
      ref_id: 4.2.4.b
      description: assets, including facilities, equipment and supplies;
      translations:
        es:
          name: null
          description: los activos, incluidos las instalaciones, los equipos y los
            suministros;
        cs:
          name: null
          description: "aktiva, v\u010Detn\u011B za\u0159\xEDzen\xED, vybaven\xED\
            \ a z\xE1sob;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.4.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.4
      ref_id: 4.2.4.c
      description: personnel with the necessary responsibility, authority and competence;
      translations:
        es:
          name: null
          description: el personal con la responsabilidad, la autoridad y las competencias
            necesarias;
        cs:
          name: null
          description: "pracovn\xEDci s pot\u0159ebnou odpov\u011Bdnost\xED, pravomocemi\
            \ a kompetencemi;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.4.d
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.4
      ref_id: 4.2.4.d
      description: appropriate communication channels.
      translations:
        es:
          name: null
          description: "los canales de comunicaci\xF3n adecuados."
        cs:
          name: null
          description: "vhodn\xE9 komunika\u010Dn\xED kan\xE1ly."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.5
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2
      ref_id: 4.2.5
      description: Where appropriate, the relevant entities shall ensure that monitoring
        and adjustment of resources, including facilities, systems and personnel,
        is duly informed by backup and redundancy requirements.
      translations:
        es:
          name: null
          description: "Cuando proceda, las entidades pertinentes velar\xE1n por que\
            \ la supervisi\xF3n y el ajuste de los recursos, incluidas las instalaciones,\
            \ los sistemas y el personal, est\xE9n debidamente fundados en los requisitos\
            \ de copias de seguridad y redundancia."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty v p\u0159\xEDpad\u011B\
            \ pot\u0159eby zajist\xED, aby sledov\xE1n\xED a p\u0159izp\u016Fsoben\xED\
            \ zdroj\u016F, v\u010Detn\u011B za\u0159\xEDzen\xED, syst\xE9m\u016F a\
            \ zam\u011Bstnanc\u016F, byly \u0159\xE1dn\u011B podlo\u017Eeny po\u017E\
            adavky na z\xE1lohov\xE1n\xED a redundanci."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2.6
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.2
      ref_id: 4.2.6
      description: The relevant entities shall carry out regular testing of the recovery
        of backup copies and redundancies to ensure that, in recovery conditions,
        they can be relied upon and cover the copies, processes and knowledge to perform
        an effective recovery. The relevant entities shall document the results of
        the tests and, where needed, take corrective action.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes llevar\xE1n a cabo pruebas peri\xF3\
            dicas de la recuperaci\xF3n de copias de seguridad y las redundancias\
            \ para asegurarse de que, en condiciones de recuperaci\xF3n, es posible\
            \ depender de ellas y que engloban las copias, los procesos y los conocimientos\
            \ necesarios para llevar a cabo una recuperaci\xF3n eficaz. Las entidades\
            \ pertinentes documentar\xE1n los resultados de las pruebas y, cuando\
            \ sea necesario, adoptar\xE1n medidas correctoras."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty prov\xE1d\u011Bj\xED pravideln\xE9\
            \ testov\xE1n\xED obnovy z\xE1lo\u017En\xEDch kopi\xED a redundanc\xED\
            , aby bylo zaji\u0161t\u011Bno, \u017Ee se na n\u011B lze v podm\xEDnk\xE1\
            ch obnovy spol\xE9hat a \u017Ee zahrnuj\xED kopie, postupy a znalosti\
            \ k proveden\xED \xFA\u010Dinn\xE9 obnovy. P\u0159\xEDslu\u0161n\xE9 subjekty\
            \ zdokumentuj\xED v\xFDsledky test\u016F a v p\u0159\xEDpad\u011B pot\u0159\
            eby p\u0159ijmou n\xE1pravn\xE1 opat\u0159en\xED."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.3
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4
      ref_id: '4.3'
      name: Crisis management
      translations:
        es:
          name: "Gesti\xF3n de crisis"
          description: null
        cs:
          name: "Krizov\xE9 \u0159\xEDzen\xED"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.3.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.3
      ref_id: 4.3.1
      description: The relevant entities shall put in place a process for crisis management.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes pondr\xE1n en marcha procesos de\
            \ gesti\xF3n de crisis."
        cs:
          name: null
          description: "\tP\u0159\xEDslu\u0161n\xE9 subjekty zavedou postup pro krizov\xE9\
            \ \u0159\xEDzen\xED."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.3.2
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.3
      ref_id: 4.3.2
      description: 'The relevant entities shall ensure that the crisis management
        process addresses at least the following elements:'
      translations:
        es:
          name: null
          description: "Las entidades pertinentes velar\xE1n por que los procesos\
            \ de gesti\xF3n de crisis aborden al menos los siguientes elementos:"
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty zajist\xED, aby postup\
            \ krizov\xFDch \u0159\xEDzen\xED zahrnoval alespo\u0148 tyto prvky:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.3.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.3.2
      ref_id: 4.3.2.a
      description: roles and responsibilities for personnel and, where appropriate,
        suppliers and service providers, specifying the allocation of roles in crisis
        situations, including specific steps to follow;
      translations:
        es:
          name: null
          description: "los roles y responsabilidades del personal y, cuando proceda,\
            \ los proveedores y los prestadores de servicios, especificando la asignaci\xF3\
            n de roles en situaciones de crisis y los pasos espec\xEDficos que deben\
            \ seguirse;"
        cs:
          name: null
          description: "\xFAlohy a odpov\u011Bdnost zam\u011Bstnanc\u016F a v p\u0159\
            \xEDpad\u011B pot\u0159eby dodavatel\u016F a poskytovatel\u016F slu\u017E\
            eb s uveden\xEDm rozd\u011Blen\xED \xFAkol\u016F v krizov\xFDch situac\xED\
            ch, v\u010Detn\u011B konkr\xE9tn\xEDch krok\u016F, kter\xE9 je t\u0159\
            eba dodr\u017Eovat;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.3.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.3.2
      ref_id: 4.3.2.b
      description: appropriate communication means between the relevant entities and
        relevant competent authorities;
      translations:
        es:
          name: null
          description: "los medios de comunicaci\xF3n adecuados entre las entidades\
            \ pertinentes y las autoridades competentes;"
        cs:
          name: null
          description: "vhodn\xE9 komunika\u010Dn\xED prost\u0159edky mezi p\u0159\
            \xEDslu\u0161n\xFDmi subjekty a p\u0159\xEDslu\u0161n\xFDmi org\xE1ny;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.3.2.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.3.2
      ref_id: 4.3.2.c
      description: application of appropriate measures to ensure the maintenance of
        network and information system security in crisis situations.
      translations:
        es:
          name: null
          description: "la aplicaci\xF3n de medidas adecuadas para garantizar el mantenimiento\
            \ de la seguridad de los sistemas de redes y de informaci\xF3n en situaciones\
            \ de crisis."
        cs:
          name: null
          description: "uplat\u0148ov\xE1n\xED vhodn\xFDch opat\u0159en\xED k zaji\u0161\
            t\u011Bn\xED zachov\xE1n\xED bezpe\u010Dnosti s\xEDt\xED a informa\u010D\
            n\xEDch syst\xE9m\u016F v krizov\xFDch situac\xEDch."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.3.2:1
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.3.2
      description: For the purpose of point (b), the flow of information between the
        relevant entities and relevant competent authorities shall include both obligatory
        communications, such as incident reports and related timelines, and non- obligatory
        communications.
      translations:
        es:
          name: null
          description: "A efectos de la letra b), el flujo de informaci\xF3n entre\
            \ las entidades pertinentes y las autoridades competentes incluir\xE1\
            \ comunicaciones obligatorias, como informes de incidentes y los plazos\
            \ correspondientes, as\xED como comunicaciones facultativas."
        cs:
          name: null
          description: "Pro \xFA\u010Dely p\xEDsmene b) zahrnuje tok informac\xED\
            \ mezi p\u0159\xEDslu\u0161n\xFDmi subjekty a p\u0159\xEDslu\u0161n\xFD\
            mi org\xE1ny jak povinn\xE1 sd\u011Blen\xED, jako jsou ozn\xE1men\xED\
            \ o incidentech a souvisej\xEDc\xED \u010Dasov\xE9 pl\xE1ny, tak nepovinn\xE1\
            \ sd\u011Blen\xED."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.3.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.3
      ref_id: 4.3.3
      description: The relevant entities shall implement a process for managing and
        making use of information received from the CSIRTs or, where applicable, the
        competent authorities, concerning incidents, vulnerabilities, threats or possible
        mitigation measures.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes pondr\xE1n en marcha procesos para\
            \ gestionar y usar la informaci\xF3n recibida de los CSIRT o, cuando proceda,\
            \ las autoridades competentes, en relaci\xF3n con incidentes, vulnerabilidades,\
            \ amenazas o posibles medidas de mitigaci\xF3n."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty zavedou postup pro spr\xE1\
            vu a vyu\u017E\xEDv\xE1n\xED informac\xED obdr\u017Een\xFDch od t\xFD\
            m\u016F CSIRT nebo v p\u0159\xEDslu\u0161n\xFDch p\u0159\xEDpadech od\
            \ p\u0159\xEDslu\u0161n\xFDch org\xE1n\u016F, kter\xE9 se t\xFDkaj\xED\
            \ incident\u016F, zranitelnost\xED, hrozeb nebo mo\u017En\xFDch zm\xED\
            r\u0148uj\xEDc\xEDch opat\u0159en\xED."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.3.4
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:4.3
      ref_id: 4.3.4
      description: The relevant entities shall test, review and, where appropriate,
        update the crisis management plan on a regular basis or following significant
        incidents or significant changes to operations or risks.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes comprobar\xE1n, revisar\xE1n y,\
            \ cuando proceda, actualizar\xE1n los planes de gesti\xF3n de la crisis\
            \ de forma peri\xF3dica o despu\xE9s de incidentes significativos o cambios\
            \ significativos en las operaciones o los riesgos."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty pl\xE1n krizov\xE9ho \u0159\
            \xEDzen\xED pravideln\u011B nebo po v\xFDznamn\xFDch incidentech nebo\
            \ v\xFDznamn\xFDch zm\u011Bn\xE1ch operac\xED \u010Di rizik testuj\xED\
            , p\u0159ezkoum\xE1vaj\xED a v p\u0159\xEDpad\u011B pot\u0159eby aktualizuj\xED\
            ."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5
      assessable: false
      depth: 1
      ref_id: '5'
      name: SUPPLY CHAIN SECURITY (ARTICLE 21(2), POINT (D), OF DIRECTIVE (EU) 2022/2555)
      translations:
        es:
          name: "SEGURIDAD DE LAS CADENAS DE SUMINISTRO [Art\xEDculo 21, Apartado\
            \ 2, Letra D), de la directiva (UE) 2022/2555]"
          description: null
        cs:
          name: "Bezpe\u010Dnost dodavatelsk\xE9ho \u0159et\u011Bzce (\u010Dl. 21\
            \ odst. 2 p\xEDsm. d) sm\u011Brnice (EU) 2022/2555)"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5
      ref_id: '5.1'
      name: Supply chain security policy
      translations:
        es:
          name: "Pol\xEDtica de seguridad de las cadenas de suministros"
          description: null
        cs:
          name: "Politika bezpe\u010Dnosti dodavatelsk\xE9ho \u0159et\u011Bzce"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1
      ref_id: 5.1.1
      description: For the purpose of Article 21(2), point (d) of Directive (EU) 2022/2555,
        the relevant entities shall establish, implement and apply a supply chain
        security policy which governs the relations with their direct suppliers and
        service providers in order to mitigate the identified risks to the security
        of network and information systems. In the supply chain security policy, the
        relevant entities shall identify their role in the supply chain and communicate
        it to their direct suppliers and service providers.
      translations:
        es:
          name: null
          description: "A efectos del art\xEDculo 21, apartado 2, letra d), de la\
            \ Directiva (UE) 2022/2555, las entidades pertinentes establecer\xE1n,\
            \ pondr\xE1n en marcha y aplicar\xE1n una pol\xEDtica de seguridad de\
            \ las cadenas de suministros que rija las relaciones con sus proveedores\
            \ y prestadores de servicios directos con el fin de mitigar los riesgos\
            \ detectados para la seguridad de los sistemas de redes y de informaci\xF3\
            n. En la pol\xEDtica de seguridad de las cadenas de suministros, las entidades\
            \ pertinentes determinar\xE1n su papel en la cadena de suministro y se\
            \ lo comunicar\xE1n a sus proveedores y prestadores de servicios directos."
        cs:
          name: null
          description: "Pro \xFA\u010Dely \u010Dl. 21 odst. 2 p\xEDsm. d) sm\u011B\
            rnice (EU) 2022/2555 p\u0159\xEDslu\u0161n\xE9 subjekty stanov\xED, zavedou\
            \ a uplat\u0148uj\xED politiku bezpe\u010Dnosti dodavatelsk\xE9ho \u0159\
            et\u011Bzce, kter\xE1 upravuje vztahy s jejich p\u0159\xEDm\xFDmi dodavateli\
            \ a poskytovateli slu\u017Eeb s c\xEDlem zm\xEDrnit zji\u0161t\u011Bn\xE1\
            \ rizika pro bezpe\u010Dnost s\xEDt\xED a informa\u010Dn\xEDch syst\xE9\
            m\u016F. V politice bezpe\u010Dnosti dodavatelsk\xE9ho \u0159et\u011B\
            zce p\u0159\xEDslu\u0161n\xE9 subjekty ur\u010D\xED svou \xFAlohu v dodavatelsk\xE9\
            m \u0159et\u011Bzci a sd\u011Bl\xED ji sv\xFDm p\u0159\xEDm\xFDm dodavatel\u016F\
            m a poskytovatel\u016Fm slu\u017Eeb."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.2
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1
      ref_id: 5.1.2
      description: 'As part of the supply chain security policy referred to in point
        5.1.1, the relevant entities shall lay down criteria to select and contract
        suppliers and service providers. Those criteria shall include the following:'
      translations:
        es:
          name: null
          description: "Como parte de la pol\xEDtica de la cadena de suministro contemplada\
            \ en el punto 5.1.1, las entidades pertinentes establecer\xE1n criterios\
            \ para seleccionar y contratar a los proveedores y prestadores de servicios.\
            \ Dichos criterios incluir\xE1n lo siguiente:"
        cs:
          name: null
          description: "V r\xE1mci politiky bezpe\u010Dnosti dodavatelsk\xE9ho \u0159\
            et\u011Bzce uveden\xE9 v bod\u011B 5.1.1 stanov\xED p\u0159\xEDslu\u0161\
            n\xE9 subjekty krit\xE9ria pro v\xFDb\u011Br dodavatel\u016F a poskytovatel\u016F\
            \ slu\u017Eeb a uzav\xEDr\xE1n\xED smluv s nimi. Tato krit\xE9ria zahrnuj\xED\
            :"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.2
      ref_id: 5.1.2.a
      description: the cybersecurity practices of the suppliers and service providers,
        including their secure development procedures;
      translations:
        es:
          name: null
          description: "las pr\xE1cticas de ciberseguridad de sus proveedores y prestadores\
            \ de servicios, incluidos sus procedimientos de desarrollo seguro;"
        cs:
          name: null
          description: "postupy kybernetick\xE9 bezpe\u010Dnosti dodavatel\u016F a\
            \ poskytovatel\u016F slu\u017Eeb, v\u010Detn\u011B jejich postup\u016F\
            \ k zaji\u0161t\u011Bn\xED bezpe\u010Dn\xE9ho v\xFDvoje;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.2
      ref_id: 5.1.2.b
      description: the ability of the suppliers and service providers to meet cybersecurity
        specifications set by the relevant entities;
      translations:
        es:
          name: null
          description: la capacidad de los proveedores y prestadores de servicios
            para cumplir las especificaciones de ciberseguridad establecidas por las
            entidades pertinentes;
        cs:
          name: null
          description: "schopnost dodavatel\u016F a poskytovatel\u016F slu\u017Eeb\
            \ spl\u0148ovat specifikace v oblasti kybernetick\xE9 bezpe\u010Dnosti\
            \ stanoven\xE9 p\u0159\xEDslu\u0161n\xFDmi subjekty;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.2.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.2
      ref_id: 5.1.2.c
      description: the overall quality and resilience of ICT products and ICT services
        and the cybersecurity risk-management measures embedded in them, including
        the risks and classification level of the ICT products and ICT services;
      translations:
        es:
          name: null
          description: "la calidad general y la resiliencia de los productos y servicios\
            \ TIC y las medidas para la gesti\xF3n de riesgos de ciberseguridad integradas\
            \ en ellos, incluidos los riesgos y el nivel de clasificaci\xF3n de los\
            \ productos y servicios TIC;"
        cs:
          name: null
          description: "celkovou kvalitu a odolnost produkt\u016F a slu\u017Eeb IKT\
            \ a v nich obsa\u017Een\xFDch opat\u0159en\xED pro \u0159\xEDzen\xED kybernetick\xFD\
            ch bezpe\u010Dnostn\xEDch rizik, v\u010Detn\u011B rizik a \xFArovn\u011B\
            \ klasifikace produkt\u016F IKT a slu\u017Eeb IKT;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.2.d
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.2
      ref_id: 5.1.2.d
      description: the ability of the relevant entities to diversify sources of supply
        and limit vendor lock-in, where applicable.
      translations:
        es:
          name: null
          description: la capacidad de las entidades pertinentes de diversificar las
            fuentes de suministro y limitar la dependencia de un proveedor, cuando
            proceda.
        cs:
          name: null
          description: "schopnost p\u0159\xEDslu\u0161n\xFDch subjekt\u016F diverzifikovat\
            \ zdroje dod\xE1vek a v p\u0159\xEDslu\u0161n\xFDch p\u0159\xEDpadech\
            \ omezit z\xE1vislost na dodavateli."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1
      ref_id: 5.1.3
      description: When establishing their supply chain security policy, relevant
        entities shall take into account the results of the coordinated security risk
        assessments of critical supply chains carried out in accordance with Article
        22(1) of Directive (EU) 2022/2555, where applicable.
      translations:
        es:
          name: null
          description: "Cuando establezcan su pol\xEDtica de seguridad de la cadena\
            \ de suministro, las entidades pertinentes tendr\xE1n en cuenta los resultados\
            \ de las evaluaciones coordinadas de riesgos para la seguridad de las\
            \ cadenas de suministro cr\xEDticas realizadas de conformidad con el art\xED\
            culo 22, apartado 1, de la Directiva (UE) 2022/2555, seg\xFAn proceda."
        cs:
          name: null
          description: "P\u0159i vytv\xE1\u0159en\xED sv\xE9 politiky bezpe\u010D\
            nosti dodavatelsk\xE9ho \u0159et\u011Bzce p\u0159\xEDslu\u0161n\xE9 subjekty\
            \ v p\u0159\xEDslu\u0161n\xFDch p\u0159\xEDpadech zohledn\xED v\xFDsledky\
            \ koordinovan\xE9ho posouzen\xED bezpe\u010Dnostn\xEDch rizik kritick\xFD\
            ch dodavatelsk\xFDch \u0159et\u011Bzc\u016F proveden\xE9ho v souladu s\
            \ \u010Dl. 22 odst. 1 sm\u011Brnice (EU) 2022/2555."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.4
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1
      ref_id: 5.1.4
      description: 'Based on the supply chain security policy and taking into account
        the results of the risk assessment carried out in accordance with point 2.1.
        of this Annex, the relevant entities shall ensure that their contracts with
        the suppliers and service providers specify, where appropriate through service
        level agreements, the following, where appropriate:'
      translations:
        es:
          name: null
          description: "A partir de la pol\xEDtica de seguridad de las cadenas de\
            \ suministro y teniendo en cuenta los resultados de la evaluaci\xF3n de\
            \ riesgos realizada de conformidad con el punto 2.1 del presente anexo,\
            \ las entidades pertinentes se asegurar\xE1n de que sus contratos con\
            \ los proveedores y prestadores de servicios especifiquen, cuando proceda\
            \ mediante acuerdos de nivel de servicio, los siguientes elementos, seg\xFA\
            n se requiera:"
        cs:
          name: null
          description: "Na z\xE1klad\u011B politiky bezpe\u010Dnosti dodavatelsk\xE9\
            ho \u0159et\u011Bzce a s p\u0159ihl\xE9dnut\xEDm k v\xFDsledk\u016Fm posouzen\xED\
            \ rizik proveden\xE9ho podle bodu 2.1 t\xE9to p\u0159\xEDlohy p\u0159\xED\
            slu\u0161n\xE9 subjekty zajist\xED, aby jejich smlouvy s dodavateli a\
            \ poskytovateli slu\u017Eeb, a to v p\u0159\xEDpad\u011B pot\u0159eby\
            \ prost\u0159ednictv\xEDm dohod o \xFArovni slu\u017Eeb, stanovovaly:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.4.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.4
      ref_id: 5.1.4.a
      description: cybersecurity requirements for the suppliers or service providers,
        including requirements as regards the security in acquisition of ICT services
        or ICT products set out in point 6.1.;
      translations:
        es:
          name: null
          description: "los requisitos de ciberseguridad correspondientes a los proveedores\
            \ y prestadores de servicios, incluidos los requisitos relativos a la\
            \ seguridad en la adquisici\xF3n de productos y servicios TIC establecidos\
            \ en el punto 6.1;"
        cs:
          name: null
          description: "po\u017Eadavky na kybernetickou bezpe\u010Dnost pro dodavatele\
            \ nebo poskytovatele slu\u017Eeb, v\u010Detn\u011B po\u017Eadavk\u016F\
            \ na bezpe\u010Dnost p\u0159i po\u0159izov\xE1n\xED slu\u017Eeb IKT nebo\
            \ produkt\u016F IKT uveden\xFDch v bod\u011B 6.1;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.4.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.4
      ref_id: 5.1.4.b
      description: "requirements regarding awareness, skills and training, and where\
        \ appropriate certifications, required from the suppliers\u2019 or service\
        \ providers\u2019 employees;"
      translations:
        es:
          name: null
          description: "los requisitos relativos a la sensibilizaci\xF3n, las capacidades\
            \ y la formaci\xF3n y, cuando proceda, los certificados requeridos de\
            \ los empleados de los proveedores o prestadores de servicios;"
        cs:
          name: null
          description: "po\u017Eadavky na informovanost, dovednosti a \u0161kolen\xED\
            \ a v p\u0159\xEDpad\u011B pot\u0159eby osv\u011Bd\u010Den\xED, kter\xE1\
            \ se vy\u017Eaduj\xED od zam\u011Bstnanc\u016F dodavatel\u016F nebo poskytovatel\u016F\
            \ slu\u017Eeb;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.4.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.4
      ref_id: 5.1.4.c
      description: "requirements regarding the verification of the background of the\
        \ suppliers\u2019 and service providers\u2019 employees;"
      translations:
        es:
          name: null
          description: los requisitos relativos a los controles de los antecedentes
            personales de los empleados de los proveedores y prestadores de servicios;
        cs:
          name: null
          description: "po\u017Eadavky na ov\u011B\u0159ov\xE1n\xED spolehlivosti\
            \ zam\u011Bstnanc\u016F dodavatel\u016F a poskytovatel\u016F slu\u017E\
            eb;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.4.d
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.4
      ref_id: 5.1.4.d
      description: an obligation on suppliers and service providers to notify, without
        undue delay, the relevant entities of incidents that present a risk to the
        security of the network and information systems of those entities;
      translations:
        es:
          name: null
          description: "la obligaci\xF3n de los proveedores y prestadores de servicios\
            \ de informar, sin demora indebida, a las entidades pertinentes de aquellos\
            \ incidentes que presenten un riesgo para la seguridad de los sistemas\
            \ de redes y de informaci\xF3n de dichas entidades;"
        cs:
          name: null
          description: "povinnost dodavatel\u016F a poskytovatel\u016F slu\u017Eeb\
            \ bez zbyte\u010Dn\xE9ho odkladu informovat p\u0159\xEDslu\u0161n\xE9\
            \ subjekty o incidentech, kter\xE9 p\u0159edstavuj\xED riziko pro bezpe\u010D\
            nost s\xEDt\u011B a informa\u010Dn\xEDch syst\xE9m\u016F t\u011Bchto subjekt\u016F\
            ;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.4.e
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.4
      ref_id: 5.1.4.e
      description: the right to audit or right to receive audit reports;
      translations:
        es:
          name: null
          description: "el derecho de auditor\xEDa o el derecho a recibir informes\
            \ de auditor\xEDa;"
        cs:
          name: null
          description: "pr\xE1vo prov\xE9st audit nebo pr\xE1vo obdr\u017Eet auditn\xED\
            \ zpr\xE1vy;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.4.f
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.4
      ref_id: 5.1.4.f
      description: an obligation on suppliers and service providers to handle vulnerabilities
        that present a risk to the security of the network and information systems
        of the relevant entities;
      translations:
        es:
          name: null
          description: "la obligaci\xF3n de los proveedores y prestadores de servicios\
            \ de hacerse cargo de las vulnerabilidades que presenten un riesgo para\
            \ la seguridad de los sistemas de redes y de informaci\xF3n de las entidades\
            \ pertinentes;"
        cs:
          name: null
          description: "povinnost dodavatel\u016F a poskytovatel\u016F slu\u017Eeb\
            \ \u0159e\u0161it zranitelnosti, kter\xE9 p\u0159edstavuj\xED riziko pro\
            \ bezpe\u010Dnost s\xEDt\xED a informa\u010Dn\xEDch syst\xE9m\u016F p\u0159\
            \xEDslu\u0161n\xFDch subjekt\u016F;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.4.g
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.4
      ref_id: 5.1.4.g
      description: requirements regarding subcontracting and, where the relevant entities
        allow subcontracting, cybersecurity requirements for subcontractors in accordance
        with the cybersecurity requirements referred to in point (a);
      translations:
        es:
          name: null
          description: "los requisitos relativos a la subcontrataci\xF3n y, cuando\
            \ las entidades pertinentes permitan esta \xFAltima, los requisitos de\
            \ ciberseguridad de los subcontratistas de conformidad con los requisitos\
            \ de seguridad contemplados en la letra a);"
        cs:
          name: null
          description: "po\u017Eadavky t\xFDkaj\xEDc\xED se subdod\xE1vek, a pokud\
            \ p\u0159\xEDslu\u0161n\xE9 subjekty subdod\xE1vky umo\u017E\u0148uj\xED\
            , po\u017Eadavky na kybernetickou bezpe\u010Dnost subdodavatel\u016F v\
            \ souladu s po\u017Eadavky na kybernetickou bezpe\u010Dnost uveden\xFD\
            mi v p\xEDsmenu a);"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.4.h
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.4
      ref_id: 5.1.4.h
      description: obligations on the suppliers and service providers at the termination
        of the contract, such as retrieval and disposal of the information obtained
        by the suppliers and service providers in the exercise of their tasks.
      translations:
        es:
          name: null
          description: "las obligaciones de los proveedores y prestadores de servicios\
            \ al finalizar el contrato, tales como la recuperaci\xF3n y eliminaci\xF3\
            n de informaci\xF3n que hayan obtenido en el ejercicio de sus funciones."
        cs:
          name: null
          description: "povinnosti dodavatel\u016F a poskytovatel\u016F slu\u017E\
            eb p\u0159i ukon\u010Den\xED smlouvy, jako je vyhled\xE1n\xED a zni\u010D\
            en\xED informac\xED, kter\xE9 dodavatel\xE9 a poskytovatel\xE9 slu\u017E\
            eb z\xEDskali p\u0159i pln\u011Bn\xED sv\xFDch \xFAkol\u016F."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.5
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1
      ref_id: 5.1.5
      description: The relevant entities shall take into account the elements referred
        to in point 5.1.2 and 5.1.3. as part of the selection process of new suppliers
        and service providers, as well as part of the procurement process referred
        to in point 6.1.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes tendr\xE1n en cuenta los elementos\
            \ a que se refieren los puntos 5.1.2 y 5.1.3 como parte del proceso de\
            \ selecci\xF3n de nuevos proveedores o prestadores de servicios, y como\
            \ parte del proceso de contrataci\xF3n a que se refiere el punto 6.1."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty zohledn\xED prvky uveden\xE9\
            \ v bodech 5.1.2 a 5.1.3 v r\xE1mci procesu v\xFDb\u011Bru nov\xFDch dodavatel\u016F\
            \ a poskytovatel\u016F slu\u017Eeb, ale i v r\xE1mci procesu zad\xE1v\xE1\
            n\xED zak\xE1zek uveden\xE9ho v bod\u011B 6.1."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.6
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1
      ref_id: 5.1.6
      description: The relevant entities shall review the supply chain security policy,
        and monitor, evaluate and, where necessary, act upon changes in the cybersecurity
        practices of suppliers and service providers, at planned intervals and when
        significant changes to operations or risks or significant incidents related
        to the provision of ICT services or having impact on the security of the ICT
        products from suppliers and service providers occur.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes revisar\xE1n la pol\xEDtica de seguridad\
            \ de la cadena de suministro y supervisar\xE1n, evaluar\xE1n y, cuando\
            \ proceda, tomar\xE1n medidas acordes con los cambios en las pr\xE1cticas\
            \ de ciberseguridad de los proveedores y prestadores de servicios, a intervalos\
            \ planificados o cuando se produzcan cambios significativos en las operaciones\
            \ o en los riesgos, o acontezcan incidentes significativos relativos a\
            \ la prestaci\xF3n de servicios TIC o que tengan repercusiones en la seguridad\
            \ del producto TIC de los proveedores y prestadores de servicios."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty politiku bezpe\u010Dnosti\
            \ dodavatelsk\xE9ho \u0159et\u011Bzce p\u0159ezkoum\xE1vaj\xED, sleduj\xED\
            \ a vyhodnocuj\xED v pl\xE1novan\xFDch intervalech a v p\u0159\xEDpad\u011B\
            , \u017Ee dojde k v\xFDznamn\xFDm zm\u011Bn\xE1m operac\xED nebo rizik\
            \ nebo k v\xFDznamn\xFDm incident\u016Fm souvisej\xEDc\xEDm s poskytov\xE1\
            n\xEDm slu\u017Eeb IKT nebo maj\xEDc\xEDm dopad na bezpe\u010Dnost produkt\u016F\
            \ IKT od dodavatel\u016F a poskytovatel\u016F slu\u017Eeb, a v p\u0159\
            \xEDpad\u011B pot\u0159eby jednaj\xED v n\xE1vaznosti na zm\u011Bny postup\u016F\
            \ kybernetick\xE9 bezpe\u010Dnosti dodavatel\u016F a poskytovatel\u016F\
            \ slu\u017Eeb."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.7
      assessable: false
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1
      ref_id: 5.1.7
      description: 'For the purpose of point 5.1.6., the relevant entities shall:'
      translations:
        es:
          name: null
          description: 'A los efectos del punto 5.1.6, las entidades pertinentes:'
        cs:
          name: null
          description: "Pro \xFA\u010Dely bodu 5.1.6 p\u0159\xEDslu\u0161n\xE9 subjekty:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.7.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.7
      ref_id: 5.1.7.a
      description: regularly monitor reports on the implementation of the service
        level agreements, where applicable;
      translations:
        es:
          name: null
          description: "supervisar\xE1n peri\xF3dicamente los informes relativos a\
            \ la aplicaci\xF3n de los acuerdos de nivel de servicio, cuando proceda;"
        cs:
          name: null
          description: "v p\u0159\xEDslu\u0161n\xFDch p\u0159\xEDpadech pravideln\u011B\
            \ monitoruj\xED zpr\xE1vy o prov\xE1d\u011Bn\xED dohod o \xFArovni slu\u017E\
            eb;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.7.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.7
      ref_id: 5.1.7.b
      description: review incidents related to ICT products and ICT services from
        suppliers and service providers;
      translations:
        es:
          name: null
          description: "revisar\xE1n los incidentes relacionados con los productos\
            \ y servicios TIC de los proveedores y prestadores de servicios;"
        cs:
          name: null
          description: "p\u0159ezkoum\xE1vaj\xED incidenty t\xFDkaj\xEDc\xED se produkt\u016F\
            \ IKT a slu\u017Eeb ICT od dodavatel\u016F a poskytovatel\u016F slu\u017E\
            eb;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.7.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.7
      ref_id: 5.1.7.c
      description: assess the need for unscheduled reviews and document the findings
        in a comprehensible manner;
      translations:
        es:
          name: null
          description: "evaluar\xE1n la necesidad de revisiones no programadas y recopilar\xE1\
            n las conclusiones de manera comprensible;"
        cs:
          name: null
          description: "posuzuj\xED pot\u0159ebu nepl\xE1novan\xFDch p\u0159ezkum\u016F\
            \ a komplexn\u011B dokumentuj\xED zji\u0161t\u011Bn\xED;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.7.d
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.1.7
      ref_id: 5.1.7.d
      description: analyse the risks presented by changes related to ICT products
        and ICT services from suppliers and service providers and, where appropriate,
        take mitigating measures in a timely manner.
      translations:
        es:
          name: null
          description: "analizar\xE1n los riesgos que planteen los cambios relativos\
            \ a los productos y servicios TIC de los proveedores y prestadores de\
            \ servicios y, cuando proceda, adoptar\xE1n medidas de mitigaci\xF3n a\
            \ su debido tiempo."
        cs:
          name: null
          description: "analyzuj\xED rizika, kter\xE1 p\u0159edstavuj\xED zm\u011B\
            ny souvisej\xEDc\xED s produkty IKT a slu\u017Ebami IKT od dodavatel\u016F\
            \ a poskytovatel\u016F slu\u017Eeb, a v p\u0159\xEDpad\u011B pot\u0159\
            eby v\u010Das p\u0159ij\xEDmaj\xED zm\xEDr\u0148uj\xEDc\xED opat\u0159\
            en\xED.\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.2
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5
      ref_id: '5.2'
      name: Directory of suppliers and service providers
      translations:
        es:
          name: Directorio de proveedores y prestadores de servicios
          description: null
        cs:
          name: " Seznam dodavatel\u016F a poskytovatel\u016F slu\u017Eeb"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.2:1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.2
      description: 'The relevant entities shall maintain and keep up to date a registry
        of their direct suppliers and service providers, including:'
      translations:
        es:
          name: null
          description: "Las entidades pertinentes mantendr\xE1n y actualizar\xE1n\
            \ un registro de sus proveedores y prestadores de servicios directos,\
            \ en el que incluir\xE1n:"
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty vedou a pr\u016Fb\u011B\
            \u017En\u011B aktualizuj\xED registr sv\xFDch p\u0159\xEDm\xFDch dodavatel\u016F\
            \ a poskytovatel\u016F slu\u017Eeb, kter\xFD obsahuje:\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.2:1
      ref_id: 5.2.a
      description: contact points for each direct supplier and service provider;
      translations:
        es:
          name: null
          description: los puntos de contacto correspondientes a cada proveedor o
            prestador de servicios directo;
        cs:
          name: null
          description: "kontaktn\xED m\xEDsta pro ka\u017Ed\xE9ho p\u0159\xEDm\xE9\
            ho dodavatele a poskytovatele slu\u017Eeb;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:5.2:1
      ref_id: 5.2.b
      description: a list of ICT products, ICT services, and ICT processes provided
        by the direct supplier or service provider to the relevant entities.
      translations:
        es:
          name: null
          description: una lista de productos TIC, servicios TIC y procesos TIC proporcionados
            por el proveedor o prestador de servicios directo a las entidades pertinentes.
        cs:
          name: null
          description: "seznam produkt\u016F IKT, slu\u017Eeb IKT a proces\u016F IKT\
            \ poskytovan\xFDch p\u0159\xEDm\xFDm dodavatelem nebo poskytovatelem slu\u017E\
            eb p\u0159\xEDslu\u0161n\xFDm subjekt\u016Fm.\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6
      assessable: false
      depth: 1
      ref_id: '6'
      name: SECURITY IN NETWORK AND INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT AND
        MAINTENANCE (ARTICLE 21(2), POINT (E), OF DIRECTIVE (EU) 2022/2555)
      translations:
        es:
          name: "SEGURIDAD EN LA ADQUISICI\xD3N, EL DESARROLLO Y EL MANTENIMIENTO\
            \ DE SISTEMAS DE REDES Y DE INFORMACI\xD3N [Art\xEDculo 21, Apartado 2,\
            \ Letra E), de la directiva (UE) 2022/2555]"
          description: null
        cs:
          name: "Zabezpe\u010Den\xED po\u0159izov\xE1n\xED, v\xFDvoje a \xFAdr\u017E\
            by s\xEDt\xED a informa\u010Dn\xEDch syst\xE9m\u016F (\u010Dl. 21 odst.\
            \ 2 p\xEDsm. e) sm\u011Brnice (EU) 2022/2555)"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.1
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6
      ref_id: '6.1'
      name: Security in acquisition of ICT services or ICT products
      translations:
        es:
          name: "Seguridad en la adquisici\xF3n de servicios TIC o productos TIC"
          description: null
        cs:
          name: "Zabezpe\u010Den\xED po\u0159izov\xE1n\xED slu\u017Eeb IKT nebo produkt\u016F\
            \ IKT"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.1.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.1
      ref_id: 6.1.1
      description: "For the purpose of Article 21(2), point (e) of Directive (EU)\
        \ 2022/2555, the relevant entities shall set and implement processes to manage\
        \ risks stemming from the acquisition of ICT services or ICT products for\
        \ components that are critical for the relevant entities\u2019 security of\
        \ network and information systems, based on the risk assessment carried out\
        \ pursuant to point 2.1, from suppliers or service providers throughout their\
        \ life cycle."
      translations:
        es:
          name: null
          description: "A los efectos del art\xEDculo 21, apartado 2, letra e), de\
            \ la Directiva (UE) 2022/2555, las entidades pertinentes establecer\xE1\
            n y pondr\xE1n en marcha procedimientos para gestionar los riesgos derivados\
            \ de la adquisici\xF3n de servicios o productos TIC para componentes que\
            \ sean cr\xEDticos para la seguridad de los sistemas de redes y de informaci\xF3\
            n de las entidades pertinentes, de acuerdo con la evaluaci\xF3n de riesgos\
            \ realizada con arreglo al punto 2.1, de los proveedores o prestadores\
            \ de servicios a lo largo de su vida \xFAtil."
        cs:
          name: null
          description: "Pro \xFA\u010Dely \u010Dl. 21 odst. 2 p\xEDsm. e) sm\u011B\
            rnice (EU) 2022/2555 p\u0159\xEDslu\u0161n\xE9 subjekty stanov\xED a zavedou\
            \ procesy \u0159\xEDzen\xED rizik vypl\xFDvaj\xEDc\xEDch z po\u0159izov\xE1\
            n\xED slu\u017Eeb IKT nebo produkt\u016F IKT pro komponenty, kter\xE9\
            \ jsou kritick\xE9 pro bezpe\u010Dnost s\xEDt\xED a informa\u010Dn\xED\
            ch syst\xE9m\u016F p\u0159\xEDslu\u0161n\xFDch subjekt\u016F a kter\xE9\
            \ poch\xE1zej\xED od dodavatel\u016F nebo poskytovatel\u016F slu\u017E\
            eb, po celou dobu jejich \u017Eivotnosti na z\xE1klad\u011B posouzen\xED\
            \ rizik proveden\xE9ho podle bodu 2.1."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.1.2
      assessable: false
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.1
      ref_id: 6.1.2
      description: 'For the purpose of point 6.1.1., the processes referred to in
        point 6.1.1. shall include:'
      translations:
        es:
          name: null
          description: "A los efectos del punto 6.1.1, los procedimientos contemplados\
            \ en el mismo incluir\xE1n:"
        cs:
          name: null
          description: "Pro \xFA\u010Dely bodu 6.1.1 procesy uveden\xE9 v bod\u011B\
            \ 6.1.1 zahrnuj\xED:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.1.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.1.2
      ref_id: 6.1.2.a
      description: security requirements to apply to the ICT services or ICT products
        to be acquired;
      translations:
        es:
          name: null
          description: requisitos de seguridad aplicables a los servicios o productos
            TIC que vayan a adquirirse;
        cs:
          name: null
          description: "bezpe\u010Dnostn\xED po\u017Eadavky, kter\xE9 se maj\xED vztahovat\
            \ na po\u0159izovan\xE9 slu\u017Eby IKT nebo produkty IKT;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.1.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.1.2
      ref_id: 6.1.2.b
      description: requirements regarding security updates throughout the entire lifetime
        of the ICT services or ICT products, or replacement after the end of the support
        period;
      translations:
        es:
          name: null
          description: "requisitos relativos a las actualizaciones de seguridad a\
            \ lo largo de toda la vida \xFAtil de los productos o servicios TIC o\
            \ a su sustituci\xF3n tras el final del per\xEDodo de soporte;"
        cs:
          name: null
          description: "po\u017Eadavky t\xFDkaj\xEDc\xED se bezpe\u010Dnostn\xEDch\
            \ aktualizac\xED po celou dobu \u017Eivotnosti slu\u017Eeb IKT nebo produkt\u016F\
            \ IKT nebo nahrazen\xED po skon\u010Den\xED doby podpory;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.1.2.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.1.2
      ref_id: 6.1.2.c
      description: information describing the hardware and software components used
        in the ICT services or ICT products;
      translations:
        es:
          name: null
          description: "informaci\xF3n que describa los componentes de hardware y\
            \ software utilizados en los servicios y productos TIC;"
        cs:
          name: null
          description: "informace popisuj\xEDc\xED hardwarov\xE9 a softwarov\xE9 komponenty\
            \ pou\u017E\xEDvan\xE9 ve slu\u017Eb\xE1ch IKT nebo produktech IKT;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.1.2.d
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.1.2
      ref_id: 6.1.2.d
      description: information describing the implemented cybersecurity functions
        of the ICT services or ICT products and the configuration required for their
        secure operation;
      translations:
        es:
          name: null
          description: "informaci\xF3n que describa las funciones de ciberseguridad\
            \ de los servicios o productos TIC puestas en marcha o la configuraci\xF3\
            n necesaria para su funcionamiento seguro;"
        cs:
          name: null
          description: "informace popisuj\xEDc\xED zaveden\xE9 funkce kybernetick\xE9\
            \ bezpe\u010Dnosti ve slu\u017Eb\xE1ch IKT nebo produktech ICT a konfiguraci\
            \ pot\u0159ebnou pro jejich bezpe\u010Dn\xFD provoz;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.1.2.e
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.1.2
      ref_id: 6.1.2.e
      description: assurance that the ICT services or ICT products comply with the
        security requirements according to point (a);
      translations:
        es:
          name: null
          description: "garant\xEDas de que los servicios o productos TIC cumplen\
            \ los requisitos de seguridad con arreglo a la letra a);"
        cs:
          name: null
          description: "uji\u0161t\u011Bn\xED, \u017Ee slu\u017Eby IKT nebo produkty\
            \ IKT spl\u0148uj\xED bezpe\u010Dnostn\xED po\u017Eadavky podle p\xED\
            smene a);\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.1.2.f
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.1.2
      ref_id: 6.1.2.f
      description: methods for validating that the delivered ICT services or ICT products
        are compliant to the stated security requirements, as well as documentation
        of the results of the validation.
      translations:
        es:
          name: null
          description: "m\xE9todos para validar el cumplimiento de los requisitos\
            \ de seguridad declarados por parte de los servicios o productos de TIC\
            \ suministrados, y documentaci\xF3n de los resultados de la validaci\xF3\
            n."
        cs:
          name: null
          description: "metody ov\u011B\u0159ov\xE1n\xED, zda dodan\xE9 slu\u017E\
            by IKT nebo produkty IKT spl\u0148uj\xED stanoven\xE9 bezpe\u010Dnostn\xED\
            \ po\u017Eadavky, a zdokumentov\xE1n\xED v\xFDsledk\u016F ov\u011B\u0159\
            ov\xE1n\xED.\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.1.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.1
      ref_id: 6.1.3
      description: The relevant entities shall review and, where appropriate, update
        the processes at planned intervals and when significant incidents occur.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes revisar\xE1n y, cuando proceda,\
            \ actualizar\xE1n los procedimientos a intervalos planificados, as\xED\
            \ como cuando se produzcan incidentes significativos."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty procesy p\u0159ezkoum\xE1\
            vaj\xED a v p\u0159\xEDpad\u011B pot\u0159eby aktualizuj\xED v pl\xE1\
            novan\xFDch intervalech a p\u0159i v\xFDskytu v\xFDznamn\xFDch incident\u016F\
            ."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6
      ref_id: '6.2'
      name: Secure development life cycle
      translations:
        es:
          name: Ciclo de vida del desarrollo seguro
          description: null
        cs:
          name: "\u017Divotn\xED cyklus bezpe\u010Dn\xE9ho v\xFDvoje"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2
      ref_id: 6.2.1
      description: Before developing a network and information system, including software,
        the relevant entities shall lay down rules for the secure development of network
        and information systems and apply them when developing network and information
        systems in-house, or when outsourcing the development of network and information
        systems. The rules shall cover all development phases, including specification,
        design, development, implementation and testing.
      translations:
        es:
          name: null
          description: "Antes de desarrollar un sistema de redes y de informaci\xF3\
            n, incluidos los programas inform\xE1ticos, las entidades pertinentes\
            \ establecer\xE1n normas para el desarrollo seguro del mismo, y las aplicar\xE1\
            n al desarrollar estos sistemas de redes y de informaci\xF3n internamente\
            \ o cuando externalicen dicho desarrollo. Las normas englobar\xE1n todas\
            \ las fases de desarrollo, como las especificaciones, el dise\xF1o, la\
            \ creaci\xF3n, la implantaci\xF3n y las pruebas."
        cs:
          name: null
          description: "P\u0159ed v\xFDvojem s\xEDt\u011B a informa\u010Dn\xEDho syst\xE9\
            mu, v\u010Detn\u011B softwaru, stanov\xED p\u0159\xEDslu\u0161n\xE9 subjekty\
            \ pravidla pro bezpe\u010Dn\xFD v\xFDvoj s\xEDt\xED a informa\u010Dn\xED\
            ch syst\xE9m\u016F a uplat\u0148uj\xED je p\u0159i v\xFDvoji s\xEDt\xED\
            \ a informa\u010Dn\xEDch syst\xE9m\u016F v r\xE1mci podniku nebo p\u0159\
            i zad\xE1v\xE1n\xED v\xFDvoje s\xEDt\xED a informa\u010Dn\xEDch syst\xE9\
            m\u016F extern\xEDm dodavatel\u016Fm. Pravidla se vztahuj\xED na v\u0161\
            echny f\xE1ze v\xFDvoje, v\u010Detn\u011B specifikace, n\xE1vrhu, v\xFD\
            voje, implementace a testov\xE1n\xED."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2.2
      assessable: false
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2
      ref_id: 6.2.2
      description: 'For the purpose of point 6.2.1., the relevant entities shall:'
      translations:
        es:
          name: null
          description: 'A los efectos del punto 6.2.1, las entidades pertinentes:'
        cs:
          name: null
          description: "Pro \xFA\u010Dely bodu 6.2.1 p\u0159\xEDslu\u0161n\xE9 subjekty:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2.2
      ref_id: 6.2.2.a
      description: carry out an analysis of security requirements at the specification
        and design phases of any development or acquisition project undertaken by
        the relevant entities or on behalf of those entities;
      translations:
        es:
          name: null
          description: "llevar\xE1n a cabo an\xE1lisis de los requisitos de seguridad\
            \ en las fases de especificaci\xF3n y dise\xF1o de cualquier proyecto\
            \ de desarrollo o adquisici\xF3n emprendido por ellas mismas o en su nombre;"
        cs:
          name: null
          description: "prov\xE1d\u011Bj\xED anal\xFDzu bezpe\u010Dnostn\xEDch po\u017E\
            adavk\u016F ve f\xE1z\xEDch specifikace a n\xE1vrhu jak\xE9hokoli projektu\
            \ v\xFDvoje nebo po\u0159\xEDzen\xED realizovan\xE9ho p\u0159\xEDslu\u0161\
            n\xFDmi subjekty nebo jejich jm\xE9nem;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2.2
      ref_id: 6.2.2.b
      description: apply principles for engineering secure systems and secure coding
        principles to any information system development activities such as promoting
        cybersecurity-by-design, zero-trust architectures;
      translations:
        es:
          name: null
          description: "aplicar\xE1n los principios para dise\xF1ar sistemas seguros\
            \ y principios de codificaci\xF3n seguros a toda actividad de desarrollo\
            \ de sistemas de informaci\xF3n, tales como la promoci\xF3n de la ciberseguridad\
            \ desde el dise\xF1o o las arquitecturas de confianza cero;"
        cs:
          name: null
          description: "uplat\u0148uj\xED z\xE1sady pro in\u017Een\xFDring bezpe\u010D\
            n\xFDch syst\xE9m\u016F a z\xE1sady bezpe\u010Dn\xE9ho k\xF3dov\xE1n\xED\
            \ na v\u0161echny \u010Dinnosti spojen\xE9 s v\xFDvojem informa\u010D\
            n\xEDch syst\xE9m\u016F, jako je podpora kybernetick\xE9 bezpe\u010Dnosti\
            \ ji\u017E od n\xE1vrhu a architektury nulov\xE9 d\u016Fv\u011Bry;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2.2.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2.2
      ref_id: 6.2.2.c
      description: lay down security requirements regarding development environments;
      translations:
        es:
          name: null
          description: "establecer\xE1n requisitos de seguridad en relaci\xF3n con\
            \ los entornos de desarrollo;"
        cs:
          name: null
          description: "stanov\xED bezpe\u010Dnostn\xED po\u017Eadavky t\xFDkaj\xED\
            c\xED se prost\u0159ed\xED v\xFDvoje;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2.2.d
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2.2
      ref_id: 6.2.2.d
      description: establish and implement security testing processes in the development
        life cycle;
      translations:
        es:
          name: null
          description: "establecer\xE1n y aplicar\xE1n procesos de pruebas de seguridad\
            \ en el ciclo de vida del desarrollo;"
        cs:
          name: null
          description: "zav\xE1d\u011Bj\xED a implementuj\xED procesy testov\xE1n\xED\
            \ bezpe\u010Dnosti b\u011Bhem \u017Eivotn\xEDho cyklu v\xFDvoje;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2.2.e
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2.2
      ref_id: 6.2.2.e
      description: appropriately select, protect and manage security test data;
      translations:
        es:
          name: null
          description: "seleccionar\xE1n, proteger\xE1n y gestionar\xE1n adecuadamente\
            \ los datos de las pruebas de seguridad;"
        cs:
          name: null
          description: "vhodn\xFDm zp\u016Fsobem vyb\xEDraj\xED, chr\xE1n\xED a spravuj\xED\
            \ \xFAdaj\u016F o bezpe\u010Dnostn\xEDch testech;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2.2.f
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2.2
      ref_id: 6.2.2.f
      description: sanitise and anonymise testing data according to the risk assessment
        carried out pursuant to point 2.1.
      translations:
        es:
          name: null
          description: "sanear\xE1n y anonimizar\xE1n los datos de las pruebas con\
            \ arreglo a la evaluaci\xF3n de riesgos realizada de conformidad con el\
            \ punto 2.1."
        cs:
          name: null
          description: "opravuj\xED a anonymizuj\xED \xFAdaje o testov\xE1n\xED podle\
            \ posouzen\xED rizik proveden\xE9ho podle bodu 2.1.\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2
      ref_id: 6.2.3
      description: For outsourced development of network and information systems,
        the relevant entities shall also apply the policies and procedures referred
        to in points 5 and 6.1.
      translations:
        es:
          name: null
          description: "En cuanto a la externalizaci\xF3n del desarrollo de sistemas\
            \ de redes y de informaci\xF3n, las entidades pertinentes tambi\xE9n aplicar\xE1\
            n las pol\xEDticas y procedimientos a que se refieren los puntos 5 y 6.1."
        cs:
          name: null
          description: "P\u0159i extern\u011B zaji\u0161\u0165ovan\xE9m v\xFDvoji\
            \ s\xEDt\xED a informa\u010Dn\xEDch syst\xE9m\u016F p\u0159\xEDslu\u0161\
            n\xE9 subjekty uplat\u0148uj\xED rovn\u011B\u017E z\xE1sady a postupy\
            \ uveden\xE9 v bodech 5 a 6.1."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2.4
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.2
      ref_id: 6.2.4
      description: The relevant entities shall review and, where necessary, update
        their secure development rules at planned intervals.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes revisar\xE1n y, cuando proceda,\
            \ actualizar\xE1n las normas de desarrollo seguro a intervalos planificados."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty v pl\xE1novan\xFDch intervalech\
            \ p\u0159ezkoumaj\xED a, je-li to nutn\xE9, aktualizuj\xED sv\xE1 pravidla\
            \ bezpe\u010Dn\xE9ho v\xFDvoje."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.3
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6
      ref_id: '6.3'
      name: Configuration management
      translations:
        es:
          name: "Gesti\xF3n de configuraciones"
          description: null
        cs:
          name: "Spr\xE1va konfigurace"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.3.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.3
      ref_id: 6.3.1
      description: The relevant entities shall take the appropriate measures to establish,
        document, implement, and monitor configurations, including security configurations
        of hardware, software, services and networks.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes adoptar\xE1n las medidas adecuadas\
            \ para establecer, documentar, poner en marcha y supervisar las configuraciones,\
            \ incluidas las configuraciones de seguridad del hardware de los equipos\
            \ y programas inform\xE1ticos, los servicios y las redes."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty p\u0159ijmou vhodn\xE1\
            \ opat\u0159en\xED k vytvo\u0159en\xED, zdokumentov\xE1n\xED, zaveden\xED\
            \ a monitorov\xE1n\xED konfigurac\xED, v\u010Detn\u011B bezpe\u010Dnostn\xED\
            ch konfigurac\xED hardwaru, softwaru, slu\u017Eeb a s\xEDt\xED."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.3.2
      assessable: false
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.3
      ref_id: 6.3.2
      description: 'For the purpose of point 6.3.1., the relevant entities shall:'
      translations:
        es:
          name: null
          description: 'A los efectos del punto 6.3.1, las entidades pertinentes:'
        cs:
          name: null
          description: "Pro \xFA\u010Dely bodu 6.3.1 p\u0159\xEDslu\u0161n\xE9 subjekty:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.3.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.3.2
      ref_id: 6.3.2.a
      description: lay down and ensure security in configurations for their hardware,
        software, services and networks;
      translations:
        es:
          name: null
          description: "crear\xE1n un entorno seguro en las configuraciones de sus\
            \ equipos y programas inform\xE1ticos, servicios y redes y lo mantendr\xE1\
            n;"
        cs:
          name: null
          description: "stanov\xED a zajist\xED bezpe\u010Dnost konfigurac\xED pro\
            \ sv\u016Fj hardware, software, slu\u017Eby a s\xEDt\u011B;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.3.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.3.2
      ref_id: 6.3.2.b
      description: lay down and implement processes and tools to enforce the laid
        down secure configurations for hardware, software, services and networks,
        for newly installed systems as well as for systems in operation over their
        lifetime.
      translations:
        es:
          name: null
          description: "establecer\xE1n y pondr\xE1n en marcha procesos y herramientas\
            \ para dar cumplimiento a las configuraciones seguras establecidas para\
            \ los equipos y programas inform\xE1ticos, servicios y redes, para los\
            \ sistemas de nueva instalaci\xF3n y los sistemas en funcionamiento a\
            \ lo largo de todo su ciclo de vida."
        cs:
          name: null
          description: "stanov\xED a zavedou procesy a n\xE1stroje pro vynucov\xE1\
            n\xED stanoven\xFDch bezpe\u010Dn\xFDch konfigurac\xED pro hardware, software,\
            \ slu\u017Eby a s\xEDt\u011B, pro nov\u011B instalovan\xE9 syst\xE9my\
            \ i pro syst\xE9my v provozu, a to po celou dobu jejich \u017Eivotnosti.\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.3.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.3
      ref_id: 6.3.3
      description: The relevant entities shall review and, where appropriate, update
        configurations at planned intervals or when significant incidents or significant
        changes to operations or risks occur.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes revisar\xE1n y, cuando proceda,\
            \ actualizar\xE1n las configuraciones a intervalos planificados, as\xED\
            \ como cuando se produzcan incidentes significativos o cambios significativos\
            \ en las operaciones o los riesgos."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty konfigurace p\u0159ezkoum\xE1\
            vaj\xED a v p\u0159\xEDpad\u011B pot\u0159eby aktualizuj\xED v pl\xE1\
            novan\xFDch intervalech nebo p\u0159i v\xFDskytu v\xFDznamn\xFDch incident\u016F\
            \ nebo v\xFDznamn\xFDch zm\u011Bn operac\xED \u010Di rizik."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.4
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6
      ref_id: '6.4'
      name: Change management, repairs and maintenance
      translations:
        es:
          name: "Gesti\xF3n de cambios, reparaciones y mantenimiento"
          description: null
        cs:
          name: " \u0158\xEDzen\xED zm\u011Bn, opravy a \xFAdr\u017Eba"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.4.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.4
      ref_id: 6.4.1
      description: "The relevant entities shall apply change management procedures\
        \ to control changes of network and information systems. Where applicable,\
        \ the procedures shall be consistent with the relevant entities\u2019 general\
        \ policies concerning change management."
      translations:
        es:
          name: null
          description: "Las entidades pertinentes aplicar\xE1n procedimientos de gesti\xF3\
            n de cambios para controlar aquellos que se produzcan en los sistemas\
            \ de redes y de informaci\xF3n. Los procedimientos ser\xE1n, seg\xFAn\
            \ proceda, coherentes con las pol\xEDticas generales de las entidades\
            \ pertinentes relativas a la gesti\xF3n de cambios."
        cs:
          name: null
          description: "P\u0159i \u0159\xEDzen\xED zm\u011Bn v s\xEDt\xEDch a informa\u010D\
            n\xEDch syst\xE9mech p\u0159\xEDslu\u0161n\xE9 subjekty uplat\u0148uj\xED\
            \ postupy \u0159\xEDzen\xED zm\u011Bn. V p\u0159\xEDslu\u0161n\xFDch p\u0159\
            \xEDpadech mus\xED b\xFDt takov\xE9 postupy v souladu s obecn\xFDmi politikami\
            \ \u0159\xEDzen\xED zm\u011Bn p\u0159\xEDslu\u0161n\xFDch subjekt\u016F\
            ."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.4.2
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.4
      ref_id: 6.4.2
      description: The procedures referred to in point 6.4.1. shall be applied for
        releases, modifications and emergency changes of any software and hardware
        in operation and changes to the configuration. The procedures shall ensure
        that those changes are documented and, based on the risk assessment carried
        out pursuant to point 2.1, tested and assessed in view of the potential impact
        before being implemented.
      translations:
        es:
          name: null
          description: "Los procedimientos contemplados en el punto 6.4.1 se aplicar\xE1\
            n en el caso de lanzamientos, modificaciones y cambios de emergencia de\
            \ cualquier equipo o programa inform\xE1tico en funcionamiento o de cambios\
            \ en la configuraci\xF3n. Los procedimientos garantizar\xE1n que dichos\
            \ cambios se documenten y, a partir de la evaluaci\xF3n de riesgos realizada\
            \ de acuerdo con el punto 2.1, se prueben y eval\xFAen teniendo en cuenta\
            \ el impacto potencial antes de su aplicaci\xF3n."
        cs:
          name: null
          description: "Postupy uveden\xE9 v bod\u011B 6.4.1. se uplatn\xED na vyd\xE1\
            n\xED, \xFApravy a mimo\u0159\xE1dn\xE9 zm\u011Bny jak\xE9hokoli softwaru\
            \ a hardwaru p\u0159i provozu a zm\u011Bn\xE1ch konfigurace. Postupy zajist\xED\
            , aby tyto zm\u011Bny byly zdokumentov\xE1ny a na z\xE1klad\u011B posouzen\xED\
            \ rizik proveden\xE9ho podle bodu 2.1 byly p\u0159ed proveden\xEDm testov\xE1\
            ny a posouzeny z hlediska mo\u017En\xE9ho dopadu."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.4.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.4
      ref_id: 6.4.3
      description: In the event that the regular change management procedures could
        not be followed due to an emergency, the relevant entities shall document
        the result of the change, and the explanation for why the procedures could
        not be followed.
      translations:
        es:
          name: null
          description: "En caso de que los procedimientos habituales de gesti\xF3\
            n de cambios no puedan seguirse debido a una emergencia, las entidades\
            \ pertinentes documentar\xE1n el resultado del cambio y explicar\xE1n\
            \ por qu\xE9 no pudieron seguirse dichos procedimientos."
        cs:
          name: null
          description: "V p\u0159\xEDpad\u011B, \u017Ee nebylo mo\u017En\xE9 dodr\u017E\
            et standardn\xED postupy \u0159\xEDzen\xED zm\u011Bn z d\u016Fvodu mimo\u0159\
            \xE1dn\xE9 ud\xE1losti, p\u0159\xEDslu\u0161n\xE9 subjekty zdokumentuj\xED\
            \ v\xFDsledek zm\u011Bny a vysv\u011Btlen\xED, pro\u010D nebylo mo\u017E\
            n\xE9 postupy dodr\u017Eet."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.4.4
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.4
      ref_id: 6.4.4
      description: The relevant entities shall review and, where appropriate, update
        the procedures at planned intervals and when significant incidents or significant
        changes to operations or risks.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes revisar\xE1n y, cuando proceda,\
            \ actualizar\xE1n los procedimientos a intervalos planificados, as\xED\
            \ como cuando se produzcan incidentes significativos o cambios significativos\
            \ en las operaciones o los riesgos."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty postupy p\u0159ezkoum\xE1\
            vaj\xED a v p\u0159\xEDpad\u011B pot\u0159eby aktualizuj\xED v pl\xE1\
            novan\xFDch intervalech a p\u0159i v\xFDznamn\xFDch incidentech nebo v\xFD\
            znamn\xFDch zm\u011Bn\xE1ch operac\xED \u010Di rizik."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.5
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6
      ref_id: '6.5'
      name: Security testing
      translations:
        es:
          name: Pruebas de seguridad
          description: null
        cs:
          name: "estov\xE1n\xED bezpe\u010Dnosti"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.5.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.5
      ref_id: 6.5.1
      description: The relevant entities shall establish, implement and apply a policy
        and procedures for security testing.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes establecer\xE1n, pondr\xE1n en marcha\
            \ y aplicar\xE1n orientaciones y procedimientos para las pruebas de seguridad."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty stanov\xED, zavedou a uplat\u0148\
            uj\xED politiku a postupy pro testov\xE1n\xED bezpe\u010Dnosti."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.5.2
      assessable: false
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.5
      ref_id: 6.5.2
      description: 'The relevant entities shall:'
      translations:
        es:
          name: null
          description: 'Las entidades pertinentes:'
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.5.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.5.2
      ref_id: 6.5.2.a
      description: establish, based on the risk assessment carried out pursuant to
        point 2.1, the need, scope, frequency and type of security tests;
      translations:
        es:
          name: null
          description: "establecer\xE1n, a partir de la evaluaci\xF3n de riesgos realizada\
            \ de acuerdo con el punto 2.1, la necesidad, el alcance, la frecuencia\
            \ y el tipo de pruebas de seguridad;"
        cs:
          name: null
          description: "na z\xE1klad\u011B posouzen\xED rizik proveden\xE9ho podle\
            \ bodu 2.1 stanov\xED pot\u0159ebu, rozsah, \u010Detnost a typ bezpe\u010D\
            nostn\xEDch test\u016F;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.5.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.5.2
      ref_id: 6.5.2.b
      description: carry out security tests according to a documented test methodology,
        covering the components identified as relevant for secure operation in a risk
        analysis;
      translations:
        es:
          name: null
          description: "realizar\xE1n pruebas de seguridad de acuerdo con una metodolog\xED\
            a de prueba documentada, que englobe los elementos se\xF1alados como relevantes\
            \ para el funcionamiento seguro en un an\xE1lisis de riesgos;"
        cs:
          name: null
          description: "prov\xE1d\u011Bj\xED bezpe\u010Dnostn\xED testy podle zdokumentovan\xE9\
            \ metodiky testov\xE1n\xED, kter\xE1 se vztahuje na slo\u017Eky identifikovan\xE9\
            \ v anal\xFDze rizik jako d\u016Fle\u017Eit\xE9 pro bezpe\u010Dn\xFD provoz;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.5.2.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.5.2
      ref_id: 6.5.2.c
      description: document the type, scope, time and results of the tests, including
        assessment of criticality and mitigating actions for each finding;
      translations:
        es:
          name: null
          description: "documentar\xE1n el tipo, el alcance, la fecha y los resultados\
            \ de las pruebas, incluidas la evaluaci\xF3n del car\xE1cter esencial\
            \ y las medidas de mitigaci\xF3n correspondientes a cada hallazgo;"
        cs:
          name: null
          description: "dokumentuj\xED typ, rozsah, \u010Das a v\xFDsledky test\u016F\
            , v\u010Detn\u011B posouzen\xED kriti\u010Dnosti a zm\xEDr\u0148uj\xED\
            c\xEDch opat\u0159en\xED pro ka\u017Ed\xE9 zji\u0161t\u011Bn\xED;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.5.2.d
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.5.2
      ref_id: 6.5.2.d
      description: apply mitigating actions in case of critical findings.
      translations:
        es:
          name: null
          description: "aplicar\xE1n medidas de mitigaci\xF3n en caso de que se produzcan\
            \ hallazgos cr\xEDticos."
        cs:
          name: null
          description: "v p\u0159\xEDpad\u011B kritick\xFDch zji\u0161t\u011Bn\xED\
            \ uplatn\xED zm\xEDr\u0148uj\xEDc\xED opat\u0159en\xED.\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.5.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.5
      ref_id: 6.5.3
      description: The relevant entities shall review and, where appropriate, update
        their security testing policies at planned intervals.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes revisar\xE1n y, cuando proceda,\
            \ actualizar\xE1n las pol\xEDticas de pruebas de seguridad a intervalos\
            \ planificados."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty sv\xE9 politiky testov\xE1\
            n\xED bezpe\u010Dnosti p\u0159ezkoumaj\xED a v p\u0159\xEDpad\u011B pot\u0159\
            eby aktualizuj\xED v pl\xE1novan\xFDch intervalech."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.6
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6
      ref_id: '6.6'
      name: Security patch management
      translations:
        es:
          name: "Gesti\xF3n de parches de seguridad"
          description: null
        cs:
          name: "\u0158\xEDzen\xED bezpe\u010Dnostn\xEDch z\xE1plat"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.6.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.6
      ref_id: 6.6.1
      description: 'The relevant entities shall specify and apply procedures, coherent
        with the change management procedures referred to in point 6.4.1. as well
        as with vulnerability management, risk management and other relevant management
        procedures, for ensuring that:'
      translations:
        es:
          name: null
          description: "Las entidades pertinentes detallar\xE1n y aplicar\xE1n procedimientos\
            \ coherentes con los procedimientos de gesti\xF3n de cambios a que se\
            \ refiere el punto 6.4.1, de gesti\xF3n de vulnerabilidades, de gesti\xF3\
            n del riesgo y otros procedimientos de gesti\xF3n pertinentes para garantizar\
            \ que:"
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty stanov\xED a uplat\u0148\
            uj\xED postupy, kter\xE9 jsou v souladu s postupy \u0159\xEDzen\xED zm\u011B\
            n uveden\xFDmi v bod\u011B 6.4.1, jako\u017E i s postupy \u0159\xEDzen\xED\
            \ zranitelnost\xED, \u0159\xEDzen\xED rizik a dal\u0161\xEDmi p\u0159\xED\
            slu\u0161n\xFDmi postupy., a to s c\xEDlem zajistit, \u017Ee:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.6.1.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.6.1
      ref_id: 6.6.1.a
      description: security patches are applied within a reasonable time after they
        become available;
      translations:
        es:
          name: null
          description: "los parches de seguridad se apliquen en un plazo razonable\
            \ desde el momento en que est\xE9n disponibles;"
        cs:
          name: null
          description: "bezpe\u010Dnostn\xED z\xE1platy se pou\u017Eij\xED v p\u0159\
            im\u011B\u0159en\xE9 dob\u011B pot\xE9, co za\u010Daly b\xFDt k dispozici;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.6.1.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.6.1
      ref_id: 6.6.1.b
      description: security patches are tested before being applied in production
        systems;
      translations:
        es:
          name: null
          description: "los parches de seguridad se sometan a ensayo antes de ponerlos\
            \ en marcha en los sistemas de producci\xF3n;"
        cs:
          name: null
          description: "bezpe\u010Dnostn\xED z\xE1platy se p\u0159ed pou\u017Eit\xED\
            m v produk\u010Dn\xEDch syst\xE9mech otestuj\xED;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.6.1.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.6.1
      ref_id: 6.6.1.c
      description: security patches come from trusted sources and are checked for
        integrity;
      translations:
        es:
          name: null
          description: los parches de seguridad procedan de fuentes de confianza y
            se compruebe su integridad;
        cs:
          name: null
          description: "bezpe\u010Dnostn\xED z\xE1platy poch\xE1zej\xED z d\u016F\
            v\u011Bryhodn\xFDch zdroj\u016F a jejich integrita je kontrolov\xE1na;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.6.1.d
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.6.1
      ref_id: 6.6.1.d
      description: additional measures are implemented and residual risks are accepted
        in cases where a patch is not available or not applied pursuant to point 6.6.2.
      translations:
        es:
          name: null
          description: se adopten medidas adicionales y se acepten los riesgos residuales
            en aquellos casos en que no haya un parche disponible o no pueda aplicarse
            conforme al punto 6.6.2.
        cs:
          name: null
          description: "v p\u0159\xEDpadech, kdy z\xE1plata nen\xED k dispozici nebo\
            \ kdy nen\xED nepou\u017Eita podle bodu 6.6.2, jsou zavedena dal\u0161\
            \xED opat\u0159en\xED a akceptov\xE1na zbytkov\xE1 rizika.\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.6.2
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.6
      ref_id: 6.6.2
      description: By way of derogation from point 6.6.1.(a), the relevant entities
        may choose not to apply security patches when the disadvantages of applying
        the security patches outweigh the cybersecurity benefits. The relevant entities
        shall duly document and substantiate the reasons for any such decision.
      translations:
        es:
          name: null
          description: "Como excepci\xF3n al punto 6.6.1, letra a), las entidades\
            \ pertinentes podr\xE1n optar por no aplicar parches de seguridad cuando\
            \ las desventajas de aplicarlos superen los beneficios de ciberseguridad.\
            \ Las entidades pertinentes documentar\xE1n y justificar\xE1n debidamente\
            \ los motivos de tal decisi\xF3n."
        cs:
          name: null
          description: "Odchyln\u011B od bodu 6.6.1 p\xEDsm. a) se p\u0159\xEDslu\u0161\
            n\xE9 subjekty mohou rozhodnout bezpe\u010Dnostn\xED z\xE1platy nepou\u017E\
            \xEDt, pokud nev\xFDhody pou\u017Eit\xED bezpe\u010Dnostn\xEDch z\xE1\
            plat p\u0159eva\u017Euj\xED nad p\u0159\xEDnosy pro kybernetickou bezpe\u010D\
            nost. P\u0159\xEDslu\u0161n\xE9 subjekty ka\u017Ed\xE9 takov\xE9 rozhodnut\xED\
            \ \u0159\xE1dn\u011B zdokumentuj\xED a zd\u016Fvodn\xED."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6
      ref_id: '6.7'
      name: Network security
      translations:
        es:
          name: Seguridad de las redes
          description: null
        cs:
          name: "Bezpe\u010Dnost s\xEDt\xED"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7
      ref_id: 6.7.1
      description: The relevant entities shall take the appropriate measures to protect
        their network and information systems from cyber threats.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes adoptar\xE1n medidas adecuadas para\
            \ proteger sus sistemas de redes y de informaci\xF3n de las ciberamenazas."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty p\u0159ijmou vhodn\xE1\
            \ opat\u0159en\xED na ochranu sv\xFDch s\xEDt\xED a informa\u010Dn\xED\
            ch syst\xE9m\u016F p\u0159ed kybernetick\xFDmi hrozbami."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2
      assessable: false
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7
      ref_id: 6.7.2
      description: 'For the purpose of point 6.7.1., the relevant entities shall:'
      translations:
        es:
          name: null
          description: 'A los efectos del punto 6.7.1, las entidades pertinentes:'
        cs:
          name: null
          description: "Pro \xFA\u010Dely bodu 6.7.1 p\u0159\xEDslu\u0161n\xE9 subjekty:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2
      ref_id: 6.7.2.a
      description: document the architecture of the network in a comprehensible and
        up to date manner;
      translations:
        es:
          name: null
          description: "documentar\xE1n la arquitectura de la red de manera comprensible\
            \ y actualizada;"
        cs:
          name: null
          description: "v komplexn\xED a aktu\xE1ln\xED podob\u011B zdokumentuj\xED\
            \ architekturu s\xEDt\u011B;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2
      ref_id: 6.7.2.b
      description: "determine and apply controls to protect the relevant entities\u2019\
        \ internal network domains from unauthorised access;"
      translations:
        es:
          name: null
          description: "establecer\xE1n y aplicar\xE1n controles para proteger los\
            \ dominios de red internos de las entidades pertinentes frente al acceso\
            \ no autorizado;"
        cs:
          name: null
          description: "ur\u010D\xED a uplatn\xED kontroln\xED mechanismy na ochranu\
            \ vnit\u0159n\xEDch s\xED\u0165ov\xFDch dom\xE9n p\u0159\xEDslu\u0161\
            n\xFDch subjekt\u016F p\u0159ed neopr\xE1vn\u011Bn\xFDm p\u0159\xEDstupem;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2
      ref_id: 6.7.2.c
      description: configure controls to prevent accesses and network communication
        not required for the operation of the relevant entities;
      translations:
        es:
          name: null
          description: "configurar\xE1n los controles para impedir el acceso y las\
            \ comunicaciones de la red que no sean necesarios para el funcionamiento\
            \ de las entidades pertinentes;"
        cs:
          name: null
          description: "nakonfiguruj\xED kontroly, kter\xE9 zabr\xE1n\xED p\u0159\xED\
            stup\u016Fm a s\xED\u0165ov\xE9 komunikaci, je\u017E nejsou nutn\xE9 pro\
            \ provoz p\u0159\xEDslu\u0161n\xFDch subjekt\u016F;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2.d
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2
      ref_id: 6.7.2.d
      description: determine and apply controls for remote access to network and information
        systems, including access by service providers;
      translations:
        es:
          name: null
          description: "establecer\xE1n y aplicar\xE1n controles del acceso remoto\
            \ a los sistemas de redes y de informaci\xF3n, incluido el acceso por\
            \ parte de los proveedores de servicios;"
        cs:
          name: null
          description: "ur\u010D\xED a uplatn\xED kontroly vzd\xE1len\xE9ho p\u0159\
            \xEDstupu k s\xEDt\xEDm a informa\u010Dn\xEDm syst\xE9m\u016Fm, v\u010D\
            etn\u011B p\u0159\xEDstupu ze strany poskytovatel\u016F slu\u017Eeb;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2.e
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2
      ref_id: 6.7.2.e
      description: not use systems used for administration of the security policy
        implementation for other purposes;
      translations:
        es:
          name: null
          description: "no utilizar\xE1n los sistemas empleados para gestionar la\
            \ aplicaci\xF3n de la pol\xEDtica de seguridad para otros fines;"
        cs:
          name: null
          description: "nevyu\u017Eij\xED syst\xE9my pou\u017E\xEDvan\xE9 pro spr\xE1\
            vu prov\xE1d\u011Bn\xED z\xE1sad zabezpe\u010Den\xED k jin\xFDm \xFA\u010D\
            el\u016Fm;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2.f
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2
      ref_id: 6.7.2.f
      description: explicitly forbid or deactivate unneeded connections and services;
      translations:
        es:
          name: null
          description: "prohibir\xE1n de manera expl\xEDcita o desactivar\xE1n las\
            \ conexiones y servicios que no sean necesarios;"
        cs:
          name: null
          description: "v\xFDslovn\u011B zak\xE1\u017Eou nebo deaktivuj\xED nepot\u0159\
            ebn\xE1 p\u0159ipojen\xED a slu\u017Eby;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2.g
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2
      ref_id: 6.7.2.g
      description: "where appropriate, exclusively allow access to the relevant entities\u2019\
        \ network and information systems by devices authorised by those entities;"
      translations:
        es:
          name: null
          description: "cuando proceda, \xFAnicamente permitir\xE1n el acceso a los\
            \ sistemas de redes y de informaci\xF3n de las entidades pertinentes a\
            \ los dispositivos autorizados por estas \xFAltimas;"
        cs:
          name: null
          description: "v p\u0159\xEDpad\u011B pot\u0159eby umo\u017En\xED p\u0159\
            \xEDstup k s\xEDt\xEDm a informa\u010Dn\xEDm syst\xE9m\u016Fm p\u0159\xED\
            slu\u0161n\xFDch subjekt\u016F v\xFDhradn\u011B prost\u0159ednictv\xED\
            m za\u0159\xEDzen\xED, kter\xE1 jsou t\u011Bmito subjekty autorizov\xE1\
            na;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2.h
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2
      ref_id: 6.7.2.h
      description: allow connections of service providers only after an authorisation
        request and for a set time period, such as the duration of a maintenance operation;
      translations:
        es:
          name: null
          description: "permitir\xE1n la conexi\xF3n de los proveedores de servicios\
            \ previa solicitud de autorizaci\xF3n \xFAnicamente y durante un per\xED\
            odo de tiempo limitado, como la duraci\xF3n de una operaci\xF3n de mantenimiento;"
        cs:
          name: null
          description: "povol\xED p\u0159ipojen\xED poskytovatel\u016F slu\u017Eeb\
            \ pouze na z\xE1klad\u011B \u017E\xE1dosti o povolen\xED a po stanovenou\
            \ dobu, nap\u0159\xEDklad po dobu trv\xE1n\xED \xFAdr\u017Eby;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2.i
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2
      ref_id: 6.7.2.i
      description: establish communication between distinct systems only through trusted
        channels that are isolated using logical, cryptographic or physical separation
        from other communication channels and provide assured identification of their
        end points and protection of the channel data from modification or disclosure;
      translations:
        es:
          name: null
          description: "establecer\xE1n la comunicaci\xF3n entre distintos sistemas\
            \ \xFAnicamente a trav\xE9s de canales de confianza que est\xE9n aislados\
            \ mediante separaci\xF3n l\xF3gica, criptogr\xE1fica o f\xEDsica de otros\
            \ canales de comunicaci\xF3n, y facilitar\xE1n la identificaci\xF3n segura\
            \ de su punto final y la protecci\xF3n de sus datos frente a la modificaci\xF3\
            n o la revelaci\xF3n;"
        cs:
          name: null
          description: "zavedou spojen\xED mezi r\u016Fzn\xFDmi syst\xE9my pouze prost\u0159\
            ednictv\xEDm d\u016Fv\u011Bryhodn\xFDch kan\xE1l\u016F, kter\xE9 jsou\
            \ logicky, kryptograficky nebo fyzicky odd\u011Bleny od ostatn\xEDch komunika\u010D\
            n\xEDch kan\xE1l\u016F a zaji\u0161\u0165uj\xED zaru\u010Denou identifikaci\
            \ jejich koncov\xFDch bod\u016F a ochranu dat kan\xE1lu p\u0159ed modifikac\xED\
            \ nebo vyzrazen\xEDm;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2.j
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2
      ref_id: 6.7.2.j
      description: adopt an implementation plan for the full transition towards latest
        generation network layer communication protocols in a secure, appropriate
        and gradual way and establish measures to accelerate such transition;
      translations:
        es:
          name: null
          description: "adoptar\xE1n un plan de ejecuci\xF3n para realizar la transici\xF3\
            n hacia protocolos de comunicaci\xF3n de la capa de red de \xFAltima generaci\xF3\
            n de manera segura, adecuada y gradual, y establecer\xE1n medidas para\
            \ acelerar dicha transici\xF3n;"
        cs:
          name: null
          description: "p\u0159ijmou prov\xE1d\u011Bc\xED pl\xE1n pro \xFApln\xFD\
            \ p\u0159echod na nejnov\u011Bj\u0161\xED generaci komunika\u010Dn\xED\
            ch protokol\u016F s\xED\u0165ov\xE9 vrstvy bezpe\u010Dn\xFDm, vhodn\xFD\
            m a postupn\xFDm zp\u016Fsobem a zavedou opat\u0159en\xED k urychlen\xED\
            \ tohoto p\u0159echodu;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2.k
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2
      ref_id: 6.7.2.k
      description: adopt an implementation plan for the deployment of internationally
        agreed and interoperable modern e-mail communications standards to secure
        e-mail communications to mitigate vulnerabilities linked to e-mail-related
        threats and establish measures to accelerate such deployment;
      translations:
        es:
          name: null
          description: "adoptar\xE1n un plan de ejecuci\xF3n relativo a la implantaci\xF3\
            n de normas sobre las comunicaciones por correo electr\xF3nico modernas,\
            \ interoperables y aprobadas a escala internacional para proteger las\
            \ comunicaciones por correo electr\xF3nico y mitigar las vulnerabilidades\
            \ vinculadas a las amenazas relativas a este \xFAltimo, y establecer\xE1\
            n medidas para acelerar dicha implantaci\xF3n;"
        cs:
          name: null
          description: "p\u0159ijmou prov\xE1d\u011Bc\xED pl\xE1n pro zaveden\xED\
            \ mezin\xE1rodn\u011B dohodnut\xFDch a interoperabiln\xEDch modern\xED\
            ch standard\u016F pro e-mailovou komunikaci, aby se zabezpe\u010Dila e-mailov\xE1\
            \ komunikace a zm\xEDrnila zranitelnost spojen\xE1 s hrozbami souvisej\xED\
            c\xEDmi s elektronickou po\u0161tou, a zavedou opat\u0159en\xED k urychlen\xED\
            \ tohoto zav\xE1d\u011Bn\xED;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2.l
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.2
      ref_id: 6.7.2.l
      description: apply best practices for the security of the DNS, and for Internet
        routing security and routing hygiene of traffic originating from and destined
        to the network.
      translations:
        es:
          name: null
          description: "aplicar\xE1n las mejores pr\xE1cticas sobre seguridad del\
            \ sistema de nombres de dominio, la seguridad del enrutamiento de internet\
            \ y la higiene del enrutamiento del tr\xE1fico con origen en la red o\
            \ destinado a ella."
        cs:
          name: null
          description: "uplat\u0148uj\xED osv\u011Bd\u010Den\xE9 postupy pro zabezpe\u010D\
            en\xED DNS a pro zabezpe\u010Den\xED sm\u011Brov\xE1n\xED na internetu\
            \ a hygienu sm\u011Brov\xE1n\xED provozu vych\xE1zej\xEDc\xEDho ze s\xED\
            t\u011B a sm\u011B\u0159uj\xEDc\xEDho do s\xEDt\u011B.\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.7
      ref_id: 6.7.3
      description: The relevant entities shall review and, where appropriate, update
        these measures at planned intervals and when significant incidents or significant
        changes to operations or risks occur.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes revisar\xE1n y, cuando proceda,\
            \ actualizar\xE1n estas medidas a intervalos planificados o cuando se\
            \ produzcan incidentes significativos o cambios significativos en las\
            \ operaciones o los riesgos."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty tato opat\u0159en\xED p\u0159\
            ezkoum\xE1vaj\xED a v p\u0159\xEDpad\u011B pot\u0159eby aktualizuj\xED\
            \ v pl\xE1novan\xFDch intervalech a p\u0159i v\xFDskytu v\xFDznamn\xFD\
            ch incident\u016F nebo v\xFDznamn\xFDch zm\u011Bn operac\xED \u010Di rizik."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6
      ref_id: '6.8'
      name: Network segmentation
      translations:
        es:
          name: "Segmentaci\xF3n de la red"
          description: null
        cs:
          name: "Segmentace s\xEDt\u011B"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8
      ref_id: 6.8.1
      description: "The relevant entities shall segment systems into networks or zones\
        \ in accordance with the results of the risk assessment referred to in point\
        \ 2.1. They shall segment their systems and networks from third parties\u2019\
        \ systems and networks."
      translations:
        es:
          name: null
          description: "Las entidades pertinentes segmentar\xE1n los sistemas en redes\
            \ o zonas de acuerdo con los resultados de la evaluaci\xF3n de riesgos\
            \ a que se refiere el punto 2.1. Segmentar\xE1n sus sistemas y redes de\
            \ los sistemas y redes de terceros."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty rozd\u011Bl\xED syst\xE9\
            my na s\xEDt\u011B nebo z\xF3ny v souladu s v\xFDsledky posouzen\xED rizik\
            \ podle bodu 2.1. Odd\u011Bl\xED sv\xE9 syst\xE9my a s\xEDt\u011B od syst\xE9\
            m\u016F a s\xEDt\xED t\u0159et\xEDch stran."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8.2
      assessable: false
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8
      ref_id: 6.8.2
      description: 'For that purpose, the relevant entities shall:'
      translations:
        es:
          name: null
          description: 'A tal efecto, las entidades pertinentes:'
        cs:
          name: null
          description: "Za t\xEDmto \xFA\u010Delem p\u0159\xEDslu\u0161n\xE9 subjekty:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8.2
      ref_id: 6.8.2.a
      description: consider the functional, logical and physical relationship, including
        location, between trustworthy systems and services;
      translations:
        es:
          name: null
          description: "considerar\xE1n la relaci\xF3n funcional, l\xF3gica y f\xED\
            sica, incluida la ubicaci\xF3n, entre sistemas y servicios fiables;"
        cs:
          name: null
          description: "zohledn\xED funk\u010Dn\xED, logick\xE9 a fyzick\xE9 vztahy\
            \ mezi d\u016Fv\u011Bryhodn\xFDmi syst\xE9my a slu\u017Ebami, v\u010D\
            etn\u011B jejich um\xEDst\u011Bn\xED;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8.2
      ref_id: 6.8.2.b
      description: grant access to a network or zone based on an assessment of its
        security requirements;
      translations:
        es:
          name: null
          description: "conceder\xE1n acceso a una red o zona sobre la base de una\
            \ evaluaci\xF3n de sus requisitos de seguridad;"
        cs:
          name: null
          description: "ud\u011Bl\xED p\u0159\xEDstup do s\xEDt\u011B nebo z\xF3ny\
            \ na z\xE1klad\u011B posouzen\xED jejich bezpe\u010Dnostn\xEDch po\u017E\
            adavk\u016F;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8.2.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8.2
      ref_id: 6.8.2.c
      description: keep systems that are critical to the relevant entities operation
        or to safety in secured zones;
      translations:
        es:
          name: null
          description: "mantendr\xE1n los sistemas que resulten cr\xEDticos para el\
            \ funcionamiento de la entidad pertinente o para la protecci\xF3n en zonas\
            \ seguras;"
        cs:
          name: null
          description: "uchov\xE1vaj\xED syst\xE9my, kter\xE9 jsou kritick\xE9 pro\
            \ provoz p\u0159\xEDslu\u0161n\xFDch subjekt\u016F nebo pro bezpe\u010D\
            nost, v zabezpe\u010Den\xFDch z\xF3n\xE1ch;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8.2.d
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8.2
      ref_id: 6.8.2.d
      description: deploy a demilitarised zone within their communication networks
        to ensure secure communication originating from or destined to their networks;
      translations:
        es:
          name: null
          description: "implantar\xE1n una zona desmilitarizada dentro de sus redes\
            \ de comunicaci\xF3n para ofrecer una comunicaci\xF3n segura desde o hacia\
            \ sus redes;"
        cs:
          name: null
          description: "zavedou ve sv\xFDch komunika\u010Dn\xEDch s\xEDt\xEDch demilitarizovanou\
            \ z\xF3nu, kter\xE1 zajist\xED bezpe\u010Dnou komunikaci vych\xE1zej\xED\
            c\xED z jejich s\xEDt\xED nebo sm\u011B\u0159uj\xEDc\xED do jejich s\xED\
            t\xED;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8.2.e
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8.2
      ref_id: 6.8.2.e
      description: restrict access and communications between and within zones to
        those necessary for the operation of the relevant entities or for safety;
      translations:
        es:
          name: null
          description: "restringir\xE1n el acceso y las comunicaciones entre zonas\
            \ y dentro de ellas a lo necesario para el funcionamiento de las entidades\
            \ pertinentes o la seguridad;"
        cs:
          name: null
          description: "omez\xED p\u0159\xEDstup a komunikaci mezi z\xF3nami a uvnit\u0159\
            \ z\xF3n na ty, kter\xE9 jsou nezbytn\xE9 pro provoz p\u0159\xEDslu\u0161\
            n\xFDch subjekt\u016F nebo pro bezpe\u010Dnost;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8.2.f
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8.2
      ref_id: 6.8.2.f
      description: "separate the dedicated network for administration of network and\
        \ information systems from the relevant entities\u2019 operational network;"
      translations:
        es:
          name: null
          description: "separar\xE1n la red espec\xEDfica para la administraci\xF3\
            n de los sistemas de redes y de informaci\xF3n de la red operativa de\
            \ las entidades pertinentes;"
        cs:
          name: null
          description: "odd\u011Bl\xED specializovanou s\xED\u0165 pro spr\xE1vu s\xED\
            t\xED a informa\u010Dn\xEDch syst\xE9m\u016F od provozn\xED s\xEDt\u011B\
            \ p\u0159\xEDslu\u0161n\xFDch subjekt\u016F;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8.2.g
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8.2
      ref_id: 6.8.2.g
      description: segregate network administration channels from other network traffic;
      translations:
        es:
          name: null
          description: "segregar\xE1n los canales de administraci\xF3n de la red del\
            \ resto de tr\xE1fico de la red;"
        cs:
          name: null
          description: "odd\u011Bl\xED kan\xE1ly pro spr\xE1vu s\xEDt\u011B od ostatn\xED\
            ho provozu v s\xEDti;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8.2.h
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8.2
      ref_id: 6.8.2.h
      description: "separate the production systems for the relevant entities\u2019\
        \ services from systems used in development and testing, including backups."
      translations:
        es:
          name: null
          description: "separar\xE1n los sistemas de producci\xF3n de los servicios\
            \ de las entidades pertinentes de los sistemas utilizados para el desarrollo\
            \ y las pruebas, incluidas las copias de seguridad."
        cs:
          name: null
          description: "odd\u011Bl\xED produk\u010Dn\xED syst\xE9my pro \xFAtvary\
            \ p\u0159\xEDslu\u0161n\xFDch subjekt\u016F od syst\xE9m\u016F pou\u017E\
            \xEDvan\xFDch pro v\xFDvoj a testov\xE1n\xED, v\u010Detn\u011B z\xE1loh.\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.8
      ref_id: 6.8.3
      description: The relevant entities shall review and, where appropriate, update
        network segmentation at planned intervals and when significant incidents or
        significant changes to operations or risks.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes revisar\xE1n y, cuando proceda,\
            \ actualizar\xE1n la segmentaci\xF3n de la red a intervalos planificados,\
            \ as\xED como cuando se produzcan incidentes significativos o cambios\
            \ significativos en las operaciones o los riesgos."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty segmentaci s\xEDt\u011B\
            \ p\u0159ezkoum\xE1vaj\xED a v p\u0159\xEDpad\u011B pot\u0159eby aktualizuj\xED\
            \ v pl\xE1novan\xFDch intervalech a p\u0159i v\xFDznamn\xFDch incidentech\
            \ nebo v\xFDznamn\xFDch zm\u011Bn\xE1ch operac\xED \u010Di rizik."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.9
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6
      ref_id: '6.9'
      name: Protection against malicious and unauthorised software
      translations:
        es:
          name: "Protecci\xF3n frente a los programas inform\xE1ticos maliciosos y\
            \ no autorizados"
          description: null
        cs:
          name: "Ochrana p\u0159ed \u0161kodliv\xFDm a neautorizovan\xFDm softwarem"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.9.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.9
      ref_id: 6.9.1
      description: The relevant entities shall protect their network and information
        systems against malicious and unauthorised software.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes proteger\xE1n sus sistemas de redes\
            \ y de informaci\xF3n frente a los programas inform\xE1ticos maliciosos\
            \ y no autorizados."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty chr\xE1n\xED sv\xE9 s\xED\
            t\u011B a informa\u010Dn\xED syst\xE9my p\u0159ed \u0161kodliv\xFDm a\
            \ neautorizovan\xFDm softwarem."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.9.2
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.9
      ref_id: 6.9.2
      description: For that purpose, the relevant entities shall in particular implement
        measures that detect or prevent the use of malicious or unauthorised software.
        The relevant entities shall, where appropriate, ensure that their network
        and information systems are equipped with detection and response software,
        which is updated regularly in accordance with the risk assessment carried
        out pursuant to point 2.1 and the contractual agreements with the providers.
      translations:
        es:
          name: null
          description: "Para ello, las entidades pertinentes aplicar\xE1n, en particular,\
            \ medidas para detectar o impedir el uso de programas inform\xE1ticos\
            \ maliciosos o no autorizados. Las entidades pertinentes velar\xE1n, cuando\
            \ proceda, por que sus sistemas de redes y de informaci\xF3n est\xE9n\
            \ equipados con programas inform\xE1ticos de detecci\xF3n y respuesta,\
            \ que se actualicen peri\xF3dicamente de conformidad con la evaluaci\xF3\
            n de riesgos realizada con arreglo al punto 2.1 y los acuerdos contractuales\
            \ con los proveedores."
        cs:
          name: null
          description: "Za t\xEDmto \xFA\u010Delem p\u0159\xEDslu\u0161n\xE9 subjekty\
            \ zejm\xE9na zavedou opat\u0159en\xED, kter\xE1 odhal\xED nebo zabr\xE1\
            n\xED pou\u017E\xEDv\xE1n\xED \u0161kodliv\xE9ho nebo neopr\xE1vn\u011B\
            n\xE9ho softwaru. P\u0159\xEDslu\u0161n\xE9 subjekty v p\u0159\xEDpad\u011B\
            \ pot\u0159eby zajist\xED, aby jejich s\xEDt\u011B a informa\u010Dn\xED\
            \ syst\xE9my byly vybaveny softwarem pro detekci a reakci, kter\xFD je\
            \ pravideln\u011B aktualizov\xE1n v souladu s posouzen\xEDm rizik proveden\xFD\
            m podle bodu 2.1 a se smluvn\xEDmi ujedn\xE1n\xEDmi s poskytovateli."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.10
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6
      ref_id: '6.10'
      name: Vulnerability handling and disclosure
      translations:
        es:
          name: "Gesti\xF3n y divulgaci\xF3n de las vulnerabilidades"
          description: null
        cs:
          name: " \u0158e\u0161en\xED a zve\u0159ej\u0148ov\xE1n\xED zranitelnost\xED"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.10.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.10
      ref_id: 6.10.1
      description: The relevant entities shall obtain information about technical
        vulnerabilities in their network and information systems, evaluate their exposure
        to such vulnerabilities, and take appropriate measures to manage the vulnerabilities.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes recibir\xE1n informaci\xF3n sobre\
            \ las vulnerabilidades de sus sistemas de redes y de informaci\xF3n, evaluar\xE1\
            n su exposici\xF3n a dichas vulnerabilidades y adoptar\xE1n las medidas\
            \ necesarias para gestionarlas."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty z\xEDskaj\xED informace\
            \ o technick\xFDch zranitelnostech sv\xFDch s\xEDt\xED a informa\u010D\
            n\xEDch syst\xE9m\u016F, vyhodnot\xED, zda jsou t\u011Bmto zranitelnostem\
            \ vystaveny, a p\u0159ijmou vhodn\xE1 opat\u0159en\xED k \u0159\xEDzen\xED\
            \ t\u011Bchto zranitelnost\xED."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.10.2
      assessable: false
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.10
      ref_id: 6.10.2
      description: 'For the purpose of point 6.10.1., the relevant entities shall:'
      translations:
        es:
          name: null
          description: 'A los efectos del punto 6.10.1, las entidades pertinentes:'
        cs:
          name: null
          description: "Pro \xFA\u010Dely bodu 6.10.1 p\u0159\xEDslu\u0161n\xE9 subjekty:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.10.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.10.2
      ref_id: 6.10.2.a
      description: monitor information about vulnerabilities through appropriate channels,
        such as announcements of CSIRTs, competent authorities or information provided
        by suppliers or service providers;
      translations:
        es:
          name: null
          description: "supervisar\xE1n la informaci\xF3n sobre vulnerabilidades a\
            \ trav\xE9s de los canales adecuados, tales como los anuncios de los CSIRT,\
            \ las autoridades competentes o la informaci\xF3n facilitada por los proveedores\
            \ o prestadores de servicios;"
        cs:
          name: null
          description: "sleduj\xED informace o zranitelnostech prost\u0159ednictv\xED\
            m vhodn\xFDch kan\xE1l\u016F, jako jsou ozn\xE1men\xED t\xFDm\u016F CSIRT,\
            \ p\u0159\xEDslu\u0161n\xFDch org\xE1n\u016F nebo informace poskytovan\xE9\
            \ dodavateli \u010Di poskytovateli slu\u017Eeb;"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.10.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.10.2
      ref_id: 6.10.2.b
      description: perform, where appropriate, vulnerability scans, and record evidence
        of the results of the scans, at planned intervals;
      translations:
        es:
          name: null
          description: "realizar\xE1n, seg\xFAn proceda, exploraciones de vulnerabilidad\
            \ y registrar\xE1n pruebas de los resultados de las mismas, a intervalos\
            \ planificados;"
        cs:
          name: null
          description: "v p\u0159\xEDpad\u011B pot\u0159eby prov\xE1d\u011Bj\xED v\
            \ pl\xE1novan\xFDch intervalech kontroly zranitelnosti a zaznamen\xE1\
            vaj\xED d\u016Fkazy o v\xFDsledc\xEDch t\u011Bchto kontrol;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.10.2.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.10.2
      ref_id: 6.10.2.c
      description: address, without undue delay, vulnerabilities identified by the
        relevant entities as critical to their operations;
      translations:
        es:
          name: null
          description: "abordar\xE1n, sin demora indebida, las vulnerabilidades que\
            \ las entidades pertinentes consideren cr\xEDticas para sus operaciones;"
        cs:
          name: null
          description: "bez zbyte\u010Dn\xE9ho odkladu \u0159e\u0161\xED zranitelnosti,\
            \ kter\xE9 p\u0159\xEDslu\u0161n\xE9 subjekty ozna\u010Dily za kritick\xE9\
            \ pro sv\xE9 operace;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.10.2.d
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.10.2
      ref_id: 6.10.2.d
      description: ensure that their vulnerability handling is compatible with their
        change management, security patch management, risk management and incident
        management procedures;
      translations:
        es:
          name: null
          description: "asegurar\xE1n que su gesti\xF3n de vulnerabilidades sea compatible\
            \ con sus procedimientos de gesti\xF3n de cambios, gesti\xF3n de parches\
            \ de seguridad, gesti\xF3n de riesgos y gesti\xF3n de incidentes;"
        cs:
          name: null
          description: "zajist\xED, aby jejich postupy pro \u0159e\u0161en\xED zranitelnost\xED\
            \ byly v souladu s jejich postupy pro \u0159\xEDzen\xED zm\u011Bn, \u0159\
            \xEDzen\xED bezpe\u010Dnostn\xEDch oprav, \u0159\xEDzen\xED rizik a \u0159\
            \xEDzen\xED incident\u016F;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.10.2.e
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.10.2
      ref_id: 6.10.2.e
      description: lay down a procedure for disclosing vulnerabilities in accordance
        with the applicable national coordinated vulnerability disclosure policy.
      translations:
        es:
          name: null
          description: "establecer\xE1n un procedimiento de divulgaci\xF3n de las\
            \ vulnerabilidades de conformidad con la pol\xEDtica coordinada de divulgaci\xF3\
            n de las vulnerabilidades nacional aplicable."
        cs:
          name: null
          description: "stanov\xED postup pro zve\u0159ej\u0148ov\xE1n\xED zranitelnost\xED\
            \ v souladu s platnou vnitrost\xE1tn\xED koordinovanou politikou zve\u0159\
            ej\u0148ov\xE1n\xED zranitelnost\xED.\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.10.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.10
      ref_id: 6.10.3
      description: When justified by the potential impact of the vulnerability, the
        relevant entities shall create and implement a plan to mitigate the vulnerability.
        In other cases, the relevant entities shall document and substantiate the
        reason why the vulnerability does not require remediation.
      translations:
        es:
          name: null
          description: "Cuando est\xE9 justificado por el posible impacto de la vulnerabilidad,\
            \ las entidades pertinentes crear\xE1n y llevar\xE1n a la pr\xE1ctica\
            \ un plan para mitigarla. En otros casos, las entidades pertinentes documentar\xE1\
            n y justificar\xE1n el motivo por el que la vulnerabilidad no requiere\
            \ reparaci\xF3n."
        cs:
          name: null
          description: "Pokud je to od\u016Fvodn\u011Bno potenci\xE1ln\xEDm dopadem\
            \ zranitelnosti, p\u0159\xEDslu\u0161n\xE9 subjekty vypracuj\xED a zavedou\
            \ pl\xE1n na jej\xED zm\xEDrn\u011Bn\xED. V ostatn\xEDch p\u0159\xEDpadech\
            \ p\u0159\xEDslu\u0161n\xE9 subjekty zdokumentuj\xED a zd\u016Fvodn\xED\
            , pro\u010D zranitelnost nevy\u017Eaduje n\xE1pravu."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.10.4
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:6.10
      ref_id: 6.10.4
      description: The relevant entities shall review and, where appropriate, update
        at planned intervals the channels they use for monitoring vulnerability information.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes revisar\xE1n y, cuando proceda,\
            \ actualizar\xE1n a intervalos planificados los canales que utilizan para\
            \ supervisar la informaci\xF3n relativa a las vulnerabilidades."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty p\u0159ezkoumaj\xED a v\
            \ p\u0159\xEDpad\u011B pot\u0159eby v pl\xE1novan\xFDch intervalech aktualizuj\xED\
            \ kan\xE1ly, kter\xE9 pou\u017E\xEDvaj\xED pro sledov\xE1n\xED informac\xED\
            \ o zranitelnosti."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:7
      assessable: false
      depth: 1
      ref_id: '7'
      name: POLICIES AND PROCEDURES TO ASSESS THE EFFECTIVENESS OF CYBERSECURITY RISK-MANAGEMENT
        MEASURES (ARTICLE 21(2), POINT (F), OF DIRECTIVE (EU) 2022/2555)
      translations:
        es:
          name: "ORIENTACIONES Y PROCEDIMIENTOS PARA EVALUAR LA EFICACIA DE LAS MEDIDAS\
            \ DE GESTI\xD3N DE RIESGOS DE CIBERSEGURIDAD [Art\xEDculo 21, Apartado\
            \ 2, Letra F), de la directiva (UE) 2022/2555]"
          description: null
        cs:
          name: "Politiky a postupy za \xFA\u010Delem posouzen\xED \xFA\u010Dinnosti\
            \ opat\u0159en\xED k \u0159\xEDzen\xED kybernetick\xFDch bezpe\u010Dnostn\xED\
            ch rizik (\u010Dl. 21 odst. 2 p\xEDsm. f) sm\u011Brnice (EU) 2022/2555)"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:7.1
      assessable: true
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:7
      ref_id: '7.1'
      description: For the purpose of Article 21(2), point (f) of Directive (EU) 2022/2555,
        the relevant entities shall establish, implement and apply a policy and procedures
        to assess whether the cybersecurity risk-management measures taken by the
        relevant entity are effectively implemented and maintained.
      translations:
        es:
          name: null
          description: "A los efectos del art\xEDculo 21, apartado 2, letra f), de\
            \ la Directiva (UE) 2022/2555, las entidades pertinentes establecer\xE1\
            n, llevar\xE1n a la pr\xE1ctica y aplicar\xE1n orientaciones y procedimientos\
            \ para evaluar si las medidas para la gesti\xF3n de riesgos de ciberseguridad\
            \ que hayan adoptado se ejecutan y mantienen de manera efectiva."
        cs:
          name: null
          description: "Pro \xFA\u010Dely \u010Dl. 21 odst. 2 p\xEDsm. f) sm\u011B\
            rnice (EU) 2022/2555 p\u0159\xEDslu\u0161n\xE9 subjekty stanov\xED, zavedou\
            \ a uplat\u0148uj\xED politiku a postupy za \xFA\u010Delem posouzen\xED\
            , zda jsou opat\u0159en\xED k \u0159\xEDzen\xED kybernetick\xFDch bezpe\u010D\
            nostn\xEDch rizik p\u0159ijat\xE1 p\u0159\xEDslu\u0161n\xFDm subjektem\
            \ \xFA\u010Dinn\u011B prov\xE1d\u011Bna a udr\u017Eov\xE1na."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:7.2
      assessable: true
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:7
      ref_id: '7.2'
      description: 'The policy and procedures referred to in point 7.1. shall take
        into account results of the risk assessment pursuant to point 2.1. and past
        significant incidents. The relevant entities shall determine:'
      translations:
        es:
          name: null
          description: "Las orientaciones y procedimientos a que hace referencia el\
            \ punto 7.1 tendr\xE1n en cuenta los resultados de la evaluaci\xF3n de\
            \ riesgos conforme al punto 2.1 y los incidentes significativos ocurridos\
            \ en el pasado. Las entidades pertinentes determinar\xE1n:"
        cs:
          name: null
          description: "Politika a postupy uveden\xE9 v bod\u011B 7.1. zohled\u0148\
            uj\xED v\xFDsledky posouzen\xED rizik podle bodu 2.1. a minul\xE9 v\xFD\
            znamn\xE9 incidenty. P\u0159\xEDslu\u0161n\xE9 subjekty ur\u010D\xED:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:7.2.a
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:7.2
      ref_id: 7.2.a
      description: what cybersecurity risk-management measures are to be monitored
        and measured, including processes and controls;
      translations:
        es:
          name: null
          description: "qu\xE9 medidas para la gesti\xF3n de riesgos de ciberseguridad\
            \ deben supervisarse y medirse, incluidos los procedimientos y controles;"
        cs:
          name: null
          description: "jak\xE1 opat\u0159en\xED pro \u0159\xEDzen\xED kybernetick\xFD\
            ch bezpe\u010Dnostn\xEDch rizik maj\xED b\xFDt sledov\xE1na a m\u011B\u0159\
            ena, v\u010Detn\u011B proces\u016F a kontrol;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:7.2.b
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:7.2
      ref_id: 7.2.b
      description: the methods for monitoring, measurement, analysis and evaluation,
        as applicable, to ensure valid results;
      translations:
        es:
          name: null
          description: "los m\xE9todos de supervisi\xF3n, medici\xF3n, an\xE1lisis\
            \ y evaluaci\xF3n, seg\xFAn corresponda, para asegurar resultados v\xE1\
            lidos;"
        cs:
          name: null
          description: "p\u0159\xEDpadn\u011B metody monitorov\xE1n\xED, m\u011B\u0159\
            en\xED, analyzov\xE1n\xED a hodnocen\xED, s c\xEDlem zajistit platn\xE9\
            \ v\xFDsledky;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:7.2.c
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:7.2
      ref_id: 7.2.c
      description: when the monitoring and measuring is to be performed;
      translations:
        es:
          name: null
          description: "cu\xE1ndo deben realizarse la supervisi\xF3n y la medici\xF3\
            n;"
        cs:
          name: null
          description: "kdy se m\xE1 prov\xE1d\u011Bt monitorov\xE1n\xED a m\u011B\
            \u0159en\xED;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:7.2.d
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:7.2
      ref_id: 7.2.d
      description: who is responsible for monitoring and measuring the effectiveness
        of the cybersecurity risk-management measures;
      translations:
        es:
          name: null
          description: "qui\xE9nes son los responsables de supervisar y medir la eficacia\
            \ de las medidas para la gesti\xF3n de riesgos de ciberseguridad;"
        cs:
          name: null
          description: "kdo je odpov\u011Bdn\xFD za monitorov\xE1n\xED a m\u011B\u0159\
            en\xED \xFA\u010Dinnosti opat\u0159en\xED k \u0159\xEDzen\xED kybernetick\xFD\
            ch bezpe\u010Dnostn\xEDch rizik;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:7.2.e
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:7.2
      ref_id: 7.2.e
      description: when the results from monitoring and measurement are to be analysed
        and evaluated;
      translations:
        es:
          name: null
          description: "cu\xE1ndo se deben analizar y evaluar los resultados de la\
            \ supervisi\xF3n y la medici\xF3n;"
        cs:
          name: null
          description: "kdy se maj\xED v\xFDsledky monitorov\xE1n\xED a m\u011B\u0159\
            en\xED analyzovat a vyhodnocovat;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:7.2.f
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:7.2
      ref_id: 7.2.f
      description: who has to analyse and evaluate these results.
      translations:
        es:
          name: null
          description: "qui\xE9nes deben analizar y evaluar estos resultados."
        cs:
          name: null
          description: "kdo mus\xED tyto v\xFDsledky analyzovat a vyhodnotit.\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:7.3
      assessable: true
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:7
      ref_id: '7.3'
      description: The relevant entities shall review and, where appropriate, update
        the policy and procedures at planned intervals and when significant incidents
        or significant changes to operations or risks.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes revisar\xE1n y, cuando proceda,\
            \ actualizar\xE1n las orientaciones y los procedimientos a intervalos\
            \ planificados, as\xED como cuando se produzcan incidentes significativos\
            \ o cambios significativos en las operaciones o los riesgos."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty politiku a postupy p\u0159\
            ezkoum\xE1vaj\xED a v p\u0159\xEDpad\u011B pot\u0159eby aktualizuj\xED\
            \ v pl\xE1novan\xFDch intervalech a p\u0159i v\xFDznamn\xFDch incidentech\
            \ nebo v\xFDznamn\xFDch zm\u011Bn\xE1ch operac\xED \u010Di rizik."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8
      assessable: false
      depth: 1
      ref_id: '8'
      name: BASIC CYBER HYGIENE PRACTICES AND SECURITY TRAINING (ARTICLE 21(2), POINT
        (G), OF DIRECTIVE (EU) 2022/2555)
      translations:
        es:
          name: "FORMACI\xD3N EN SEGURIDAD Y PR\xC1CTICAS B\xC1SICAS DE CIBERHIGIENE\
            \ [Art\xEDculo 21, Apartado 2, Letra G), de la directiva (UE) 2022/2555]"
          description: null
        cs:
          name: "Z\xE1kladn\xED postupy v oblasti kybernetick\xE9 hygieny a bezpe\u010D\
            nostn\xED \u0161kolen\xED (\u010Dl. 21 odst. 2 p\xEDsm. g) sm\u011Brnice\
            \ (EU) 2022/2555)"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.1
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8
      ref_id: '8.1'
      name: Awareness raising and basic cyber hygiene practices
      translations:
        es:
          name: "Mejora de la sensibilizaci\xF3n y pr\xE1cticas b\xE1sicas de ciberhigiene"
          description: null
        cs:
          name: " Zvy\u0161ov\xE1n\xED pov\u011Bdom\xED a z\xE1kladn\xED postupy v\
            \ oblasti kybernetick\xE9 hygieny"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.1.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.1
      ref_id: 8.1.1
      description: For the purpose of Article 21(2), point (g) of Directive (EU) 2022/2555,
        the relevant entities shall ensure that their employees, including members
        of management bodies, as well as direct suppliers and service providers are
        aware of risks, are informed of the importance of cybersecurity and apply
        cyber hygiene practices.
      translations:
        es:
          name: null
          description: "A los efectos del art\xEDculo 21, apartado 2, letra g), de\
            \ la Directiva (UE) 2022/2555, las entidades pertinentes se asegurar\xE1\
            n de que sus empleados, incluidos los miembros de los \xF3rganos de direcci\xF3\
            n, as\xED como sus proveedores y prestadores de servicios directos sean\
            \ conscientes de los riesgos, est\xE9n informados de la importancia de\
            \ la ciberseguridad y apliquen pr\xE1cticas de ciberhigiene."
        cs:
          name: null
          description: "Pro \xFA\u010Dely \u010Dl. 21 odst. 2 p\xEDsm. g) sm\u011B\
            rnice (EU) 2022/2555 p\u0159\xEDslu\u0161n\xE9 subjekty zajist\xED, aby\
            \ si jejich zam\u011Bstnanci, v\u010Detn\u011B \u010Dlen\u016F \u0159\xED\
            d\xEDc\xEDch org\xE1n\u016F, ale i p\u0159\xEDm\xED dodavatel\xE9 a poskytovatel\xE9\
            \ slu\u017Eeb byli v\u011Bdomi rizik, byli informov\xE1ni o v\xFDznamu\
            \ kybernetick\xE9 bezpe\u010Dnosti a uplat\u0148ovali postupy v oblasti\
            \ kybernetick\xE9 hygieny."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.1.2
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.1
      ref_id: 8.1.2
      description: 'For the purpose of point 8.1.1., the relevant entities shall offer
        to their employees, including members of management bodies, as well as to
        direct suppliers and service providers where appropriate in accordance with
        point 5.1.4., an awareness raising programme, which shall:'
      translations:
        es:
          name: null
          description: "A los efectos del punto 8.1.1, las entidades pertinentes ofrecer\xE1\
            n a sus empleados, incluidos los miembros de los \xF3rganos de direcci\xF3\
            n, as\xED como a sus proveedores y prestadores de servicios directos,\
            \ seg\xFAn proceda de conformidad con el punto 5.1.4, un programa de mejora\
            \ de la sensibilizaci\xF3n que:"
        cs:
          name: null
          description: "Pro \xFA\u010Dely bodu 8.1.1 poskytnou p\u0159\xEDslu\u0161\
            n\xE9 subjekty sv\xFDm zam\u011Bstnanc\u016Fm, v\u010Detn\u011B \u010D\
            len\u016F \u0159\xEDd\xEDc\xEDch org\xE1n\u016F, a v p\u0159\xEDpad\u011B\
            \ pot\u0159eby p\u0159\xEDm\xFDm dodavatel\u016Fm a poskytovatel\u016F\
            m slu\u017Eeb v souladu s bodem 5.1.4. program zvy\u0161ov\xE1n\xED informovanosti,\
            \ kter\xFD:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.1.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.1.2
      ref_id: 8.1.2.a
      description: be scheduled over time, so that the activities are repeated and
        cover new employees;
      translations:
        es:
          name: null
          description: "se programar\xE1 a lo largo del tiempo, de forma que se repitan\
            \ las actividades e incluya a los nuevos empleados;"
        cs:
          name: null
          description: "je napl\xE1nov\xE1n v \u010Dase tak, aby se \u010Dinnosti\
            \ opakovaly a zahrnovaly nov\xE9 zam\u011Bstnance;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.1.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.1.2
      ref_id: 8.1.2.b
      description: be established in line with the network and information security
        policy, topic- specific policies and relevant procedures on network and information
        security;
      translations:
        es:
          name: null
          description: "se establecer\xE1 en consonancia con la pol\xEDtica de seguridad\
            \ de las redes y la informaci\xF3n, las pol\xEDticas espec\xEDficas y\
            \ los procedimientos pertinentes en materia de seguridad de las redes\
            \ y de la informaci\xF3n;"
        cs:
          name: null
          description: "bude vytvo\u0159en v souladu s politikou bezpe\u010Dnosti\
            \ s\xEDt\xED a informac\xED, tematicky zam\u011B\u0159en\xFDmi politikami\
            \ a p\u0159\xEDslu\u0161n\xFDmi postupy bezpe\u010Dnosti s\xEDt\xED a\
            \ informac\xED;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.1.2.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.1.2
      ref_id: 8.1.2.c
      description: cover relevant cyber threats, the cybersecurity risk-management
        measures in place, contact points and resources for additional information
        and advice on cybersecurity matters, as well as cyber hygiene practices for
        users.
      translations:
        es:
          name: null
          description: "englobar\xE1 las ciberamenazas relevantes, las medidas para\
            \ la gesti\xF3n de riesgos de ciberseguridad en vigor, los puntos de contacto\
            \ y los recursos para obtener informaci\xF3n adicional y asesoramiento\
            \ sobre aspectos de ciberseguridad, as\xED como las pr\xE1cticas de ciberhigiene\
            \ para los usuarios."
        cs:
          name: null
          description: "zahrnuje relevantn\xED kybernetick\xE9 hrozby, zaveden\xE1\
            \ opat\u0159en\xED k \u0159\xEDzen\xED kybernetick\xFDch bezpe\u010Dnostn\xED\
            ch rizik, kontaktn\xED m\xEDsta a zdroje pro dal\u0161\xED informace a\
            \ poradenstv\xED v ot\xE1zk\xE1ch kybernetick\xE9 bezpe\u010Dnosti a rovn\u011B\
            \u017E postupy v oblasti kybernetick\xE9 hygieny pro u\u017Eivatele.\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.1.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.1
      ref_id: 8.1.3
      description: The awareness raising programme shall, where appropriate, be tested
        in terms of effectiveness. The awareness raising programme shall be updated
        and offered at planned intervals taking into account changes in cyber hygiene
        practices, and the current threat landscape and risks posed to the relevant
        entities.
      translations:
        es:
          name: null
          description: "El programa de mejora de la sensibilizaci\xF3n se probar\xE1\
            \ en t\xE9rminos de eficacia, seg\xFAn proceda. El programa de mejora\
            \ de la sensibilizaci\xF3n se actualizar\xE1 y se ofrecer\xE1 a intervalos\
            \ planificados teniendo en cuenta los cambios en las pr\xE1cticas de ciberhigiene\
            \ y el panorama actual de amenazas y de riesgos para las entidades pertinentes."
        cs:
          name: null
          description: "Program zvy\u0161ov\xE1n\xED pov\u011Bdom\xED se v p\u0159\
            \xEDpad\u011B pot\u0159eby testuje z hlediska \xFA\u010Dinnosti. Program\
            \ zvy\u0161ov\xE1n\xED informovanosti se v pl\xE1novan\xFDch intervalech\
            \ aktualizuje a nab\xEDz\xED, a to s p\u0159ihl\xE9dnut\xEDm ke zm\u011B\
            n\xE1m postup\u016F v oblasti kybernetick\xE9 hygieny a k aktu\xE1ln\xED\
            m hrozb\xE1m a rizik\u016Fm pro p\u0159\xEDslu\u0161n\xE9 subjekty."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.2
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8
      ref_id: '8.2'
      name: Security training
      translations:
        es:
          name: "Formaci\xF3n en seguridad"
          description: null
        cs:
          name: "Bezpe\u010Dnostn\xED \u0161kolen\xED"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.2.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.2
      ref_id: 8.2.1
      description: The relevant entities shall identify employees, whose roles require
        security relevant skill sets and expertise, and ensure that they receive regular
        training on network and information system security.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes indicar\xE1n cu\xE1les son los empleados\
            \ cuyos roles exigen capacidades y conocimientos especializados de seguridad\
            \ y velar\xE1n por que reciban formaci\xF3n peri\xF3dica sobre la seguridad\
            \ de los sistemas de redes y de informaci\xF3n."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty ur\u010D\xED zam\u011B\
            stnance, jejich\u017E funkce vy\u017Eaduj\xED dovednosti a odborn\xE9\
            \ znalosti v oblasti bezpe\u010Dnosti, a zajist\xED, aby pravideln\u011B\
            \ absolvovali \u0161kolen\xED v oblasti bezpe\u010Dnosti s\xEDt\xED a\
            \ informa\u010Dn\xEDch syst\xE9m\u016F."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.2.2
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.2
      ref_id: 8.2.2
      description: The relevant entities shall establish, implement and apply a training
        program in line with the network and information security policy, topic-specific
        policies and other relevant procedures on network and information security
        which lays down the training needs for certain roles and positions based on
        criteria.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes establecer\xE1n, pondr\xE1n en marcha\
            \ y ejecutar\xE1n un programa de formaci\xF3n en consonancia con la pol\xED\
            tica de seguridad de las redes y de la informaci\xF3n, las pol\xEDticas\
            \ espec\xEDficas y otros procedimientos pertinentes en materia de seguridad\
            \ de las redes y de la informaci\xF3n que determine las necesidades de\
            \ formaci\xF3n de ciertos roles y puestos de acuerdo con criterios concretos."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty vytvo\u0159\xED, zavedou\
            \ a pou\u017Eij\xED program \u0161kolen\xED v souladu s politikou bezpe\u010D\
            nosti s\xEDt\xED a informac\xED, tematicky zam\u011B\u0159en\xFDmi politikami\
            \ a dal\u0161\xEDmi p\u0159\xEDslu\u0161n\xFDmi postupy v oblasti bezpe\u010D\
            nosti s\xEDt\xED a informac\xED, kter\xFD na z\xE1klad\u011B krit\xE9\
            ri\xED stanov\xED pot\u0159eby \u0161kolen\xED pro ur\u010Dit\xE9 funkce\
            \ a pozice."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.2.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.2
      ref_id: 8.2.3
      description: 'The training referred to in point 8.2.1. shall be relevant to
        the job function of the employee and its effectiveness shall be assessed.
        Training shall take into consideration security measures in place and cover
        the following:'
      translations:
        es:
          name: null
          description: "La formaci\xF3n contemplada en el punto 8.2.1 se adecuar\xE1\
            \ a las funciones laborales de los empleados y se evaluar\xE1 su eficacia.\
            \ La formaci\xF3n tendr\xE1 en cuenta las medidas de seguridad en vigor\
            \ y englobar\xE1 lo siguiente:"
        cs:
          name: null
          description: "\u0160kolen\xED uveden\xE9 v bod\u011B 8.2.1 mus\xED b\xFD\
            t relevantn\xED pro pracovn\xED funkci zam\u011Bstnance a mus\xED b\xFD\
            t posouzena jeho \xFA\u010Dinnost. \u0160kolen\xED by m\u011Blo zohled\u0148\
            ovat zaveden\xE1 bezpe\u010Dnostn\xED opat\u0159en\xED a zahrnovat:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.2.3.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.2.3
      ref_id: 8.2.3.a
      description: instructions regarding the secure configuration and operation of
        the network and information systems, including mobile devices;
      translations:
        es:
          name: null
          description: "instrucciones relativas a la configuraci\xF3n y el funcionamiento\
            \ seguros de los sistemas de redes y de informaci\xF3n, incluidos los\
            \ dispositivos m\xF3viles;"
        cs:
          name: null
          description: "pokyny t\xFDkaj\xEDc\xED se bezpe\u010Dn\xE9 konfigurace a\
            \ provozu s\xEDt\xED a informa\u010Dn\xEDch syst\xE9m\u016F, v\u010Detn\u011B\
            \ mobiln\xEDch za\u0159\xEDzen\xED;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.2.3.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.2.3
      ref_id: 8.2.3.b
      description: briefing on known cyber threats;
      translations:
        es:
          name: null
          description: "informaci\xF3n sobre ciberamenazas conocidas;"
        cs:
          name: null
          description: "informov\xE1n\xED o zn\xE1m\xFDch kybernetick\xFDch hrozb\xE1\
            ch;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.2.3.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.2.3
      ref_id: 8.2.3.c
      description: training of the behaviour when security-relevant events occur.
      translations:
        es:
          name: null
          description: "formaci\xF3n relativa al comportamiento frente a sucesos relevantes\
            \ para la seguridad."
        cs:
          name: null
          description: "\u0161kolen\xED t\xFDkaj\xEDc\xED se chov\xE1n\xED v p\u0159\
            \xEDpad\u011B v\xFDskytu bezpe\u010Dnostn\xEDch ud\xE1lost\xED.\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.2.4
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.2
      ref_id: 8.2.4
      description: The relevant entities shall apply training to staff members who
        transfer to new positions or roles which require security relevant skill sets
        and expertise.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes llevar\xE1n a cabo la formaci\xF3\
            n para los miembros del personal que se trasladen a nuevos puestos o roles\
            \ que requieran capacidades y conocimientos especializados en seguridad."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty vzt\xE1hnou \u0161kolen\xED\
            \ na zam\u011Bstnance, kte\u0159\xED p\u0159ech\xE1zej\xED na nov\xE9\
            \ pozice nebo funkce vy\u017Eaduj\xEDc\xED dovednosti a odborn\xE9 znalosti\
            \ v oblasti bezpe\u010Dnosti."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.2.5
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:8.2
      ref_id: 8.2.5
      description: The program shall be updated and run periodically taking into account
        applicable policies and rules, assigned roles, responsibilities, as well as
        known cyber threats and technological developments.
      translations:
        es:
          name: null
          description: "El programa se actualizar\xE1 y desarrollar\xE1 de manera\
            \ peri\xF3dica teniendo en cuenta las normas y reglas aplicables, los\
            \ roles asignados, las responsabilidades, as\xED como las ciberamenazas\
            \ conocidas y los avances tecnol\xF3gicos."
        cs:
          name: null
          description: "Program je pravideln\u011B aktualizov\xE1n a prov\xE1d\u011B\
            n s p\u0159ihl\xE9dnut\xEDm k platn\xFDm politik\xE1m a pravidl\u016F\
            m, p\u0159id\u011Blen\xFDm \xFAkol\u016Fm a odpov\u011Bdnostem, ale i\
            \ ke zn\xE1m\xFDm kybernetick\xFDm hrozb\xE1m a technologick\xE9mu v\xFD\
            voji."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9
      assessable: false
      depth: 1
      ref_id: '9'
      name: CRYPTOGRAPHY (ARTICLE 21(2), POINT (H), OF DIRECTIVE (EU) 2022/2555)
      translations:
        es:
          name: "CRIPTOGRAF\xCDA [Art\xEDculo 21, Apartado 2, Letra H), de la directiva\
            \ (UE) 2022/2555]"
          description: null
        cs:
          name: " Kryptografie (\u010Dl. 21 odst. 2 p\xEDsm. h) sm\u011Brnice (EU)\
            \ 2022/2555)"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.1
      assessable: true
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9
      ref_id: '9.1'
      description: "For the purpose of Article 21(2), point (h) of Directive (EU)\
        \ 2022/2555, the relevant entities shall establish, implement and apply a\
        \ policy and procedures related to cryptography, with a view to ensuring adequate\
        \ and effective use of cryptography to protect the confidentiality, authenticity\
        \ and integrity of data in line with the relevant entities\u2019 asset classification\
        \ and the results of the risk assessment carried out pursuant to point 2.1."
      translations:
        es:
          name: null
          description: "A los efectos del art\xEDculo 21, apartado 2, letra h), de\
            \ la Directiva (UE) 2022/2555, las entidades pertinentes establecer\xE1\
            n, llevar\xE1n a la pr\xE1ctica y aplicar\xE1n orientaciones y procedimientos\
            \ relativos a la criptograf\xEDa, con el objetivo de asegurar un uso adecuado\
            \ y eficaz de la misma para proteger la confidencialidad, autenticidad\
            \ e integridad de la informaci\xF3n en consonancia con la clasificaci\xF3\
            n de activos de las entidades pertinentes y los resultados de la evaluaci\xF3\
            n de riesgos realizada de conformidad con el punto 2.1."
        cs:
          name: null
          description: "Pro \xFA\u010Dely \u010Dl. 21 odst. 2 p\xEDsm. h) sm\u011B\
            rnice (EU) 2022/2555 p\u0159\xEDslu\u0161n\xE9 subjekty stanov\xED, zavedou\
            \ a uplat\u0148uj\xED politiku a postupy t\xFDkaj\xEDc\xED se kryptografie\
            \ s c\xEDlem zajistit p\u0159im\u011B\u0159en\xE9 a \xFA\u010Dinn\xE9\
            \ pou\u017E\xEDv\xE1n\xED kryptografie k ochran\u011B d\u016Fv\u011Brnosti,\
            \ autenticity a integrity informac\xED v souladu s klasifikac\xED aktiv\
            \ p\u0159\xEDslu\u0161n\xFDch subjekt\u016F a v\xFDsledky posouzen\xED\
            \ rizik proveden\xE9ho podle bodu 2.1."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9
      ref_id: '9.2'
      description: 'The policy and procedures referred to in point 9.1 shall establish:'
      translations:
        es:
          name: null
          description: "Las orientaciones y procedimientos a que hace referencia el\
            \ punto 9.1 establecer\xE1n:"
        cs:
          name: null
          description: "Politika a postupy uveden\xE9 v bod\u011B 9.1 stanov\xED:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.a
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2
      ref_id: 9.2.a
      description: "in accordance with the relevant entities\u2019 classification\
        \ of assets, the type, strength and quality of the cryptographic measures\
        \ required to protect the relevant entities\u2019 assets, including data at\
        \ rest and data in transit;"
      translations:
        es:
          name: null
          description: "de acuerdo con la clasificaci\xF3n de activos de las entidades\
            \ pertinentes, el tipo, la firmeza y la calidad de las medidas criptogr\xE1\
            ficas necesarias para proteger los activos de dichas entidades, incluidos\
            \ los datos en reposo y los datos en tr\xE1nsito;"
        cs:
          name: null
          description: "v souladu s klasifikac\xED aktiv p\u0159\xEDslu\u0161n\xFD\
            ch subjekt\u016F typ, s\xEDlu a kvalitu kryptografick\xFDch opat\u0159\
            en\xED pot\u0159ebn\xFDch k ochran\u011B aktiv p\u0159\xEDslu\u0161n\xFD\
            ch subjekt\u016F, v\u010Detn\u011B \xFAdaj\u016F, kter\xE9 jsou ulo\u017E\
            eny a p\u0159ed\xE1v\xE1ny;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.b
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2
      ref_id: 9.2.b
      description: based on point (a), the protocols or families of protocols to be
        adopted, as well as cryptographic algorithms, cipher strength, cryptographic
        solutions and usage practices to be approved and required for use in the relevant
        entities, following, where appropriate, a cryptographic agility approach;
      translations:
        es:
          name: null
          description: "teniendo en cuenta la letra a), los protocolos o las familias\
            \ de protocolos que deben adoptarse, as\xED como los algoritmos criptogr\xE1\
            ficos, la solidez del cifrado, las soluciones criptogr\xE1ficas y las\
            \ pr\xE1cticas de uso que deben aprobarse y exigirse para su uso en las\
            \ entidades, siguiendo, cuando proceda, un enfoque de agilidad criptogr\xE1\
            fica;"
        cs:
          name: null
          description: "na z\xE1klad\u011B p\xEDsmene a) protokoly nebo rodiny protokol\u016F\
            , kter\xE9 maj\xED b\xFDt p\u0159ijaty, a d\xE1le kryptografick\xE9 algoritmy,\
            \ \xFArove\u0148 \u0161ifrov\xE1n\xED, kryptografick\xE1 \u0159e\u0161\
            en\xED a postupy pou\u017E\xEDv\xE1n\xED, kter\xE9 maj\xED b\xFDt schv\xE1\
            leny a jejich\u017E pou\u017Eit\xED v p\u0159\xEDslu\u0161n\xFDch subjektech\
            \ se po\u017Eaduje, p\u0159\xEDpadn\u011B v souladu s p\u0159\xEDstupem\
            \ zalo\u017Een\xFDm na kryptografick\xE9 agilit\u011B;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2
      ref_id: 9.2.c
      description: "the relevant entities\u2019 approach to key management, including,\
        \ where appropriate, methods for the following:"
      translations:
        es:
          name: null
          description: "el enfoque de las entidades pertinentes sobre la gesti\xF3\
            n de claves, que incluya, cuando proceda, m\xE9todos para lo siguiente:"
        cs:
          name: null
          description: "p\u0159\xEDstup p\u0159\xEDslu\u0161n\xFDch subjekt\u016F\
            \ k \u0159\xEDzen\xED kl\xED\u010D\u016F, v\u010Detn\u011B p\u0159\xED\
            padn\xFDch metod pro:\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c.i
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c
      ref_id: 9.2.c.i
      description: generating different keys for cryptographic systems and applications;
      translations:
        es:
          name: null
          description: "generar distintas claves para sistemas y aplicaciones criptogr\xE1\
            ficos;"
        cs:
          name: null
          description: "generov\xE1n\xED r\u016Fzn\xFDch kl\xED\u010D\u016F pro kryptografick\xE9\
            \ syst\xE9my a aplikace;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c.ii
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c
      ref_id: 9.2.c.ii
      description: issuing and obtaining public key certificates;
      translations:
        es:
          name: null
          description: "expedir y obtener certificados de clave p\xFAblica;"
        cs:
          name: null
          description: "vyd\xE1v\xE1n\xED a z\xEDsk\xE1v\xE1n\xED certifik\xE1t\u016F\
            \ ve\u0159ejn\xFDch kl\xED\u010D\u016F;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c.iii
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c
      ref_id: 9.2.c.iii
      description: distributing keys to intended entities, including how to activate
        keys when received;
      translations:
        es:
          name: null
          description: "distribuir claves a las entidades en cuesti\xF3n, incluida\
            \ informaci\xF3n sobre c\xF3mo activar las claves cuando se reciban;"
        cs:
          name: null
          description: "distribuci kl\xED\u010D\u016F ur\u010Den\xFDm subjekt\u016F\
            m, v\u010Detn\u011B zp\u016Fsobu aktivace kl\xED\u010D\u016F po jejich\
            \ obdr\u017Een\xED;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c.iv
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c
      ref_id: 9.2.c.iv
      description: storing keys, including how authorised users obtain access to keys;
      translations:
        es:
          name: null
          description: "almacenar claves, incluida informaci\xF3n sobre c\xF3mo acceden\
            \ a ellas los usuarios autorizados;"
        cs:
          name: null
          description: "ukl\xE1d\xE1n\xED kl\xED\u010D\u016F, v\u010Detn\u011B zp\u016F\
            sobu, jak\xFDm opr\xE1vn\u011Bn\xED u\u017Eivatel\xE9 z\xEDsk\xE1vaj\xED\
            \ p\u0159\xEDstup ke kl\xED\u010D\u016Fm;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c.v
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c
      ref_id: 9.2.c.v
      description: changing or updating keys, including rules on when and how to change
        keys;
      translations:
        es:
          name: null
          description: "cambiar o actualizar las claves, incluida informaci\xF3n sobre\
            \ cu\xE1ndo y c\xF3mo modificarlas;"
        cs:
          name: null
          description: "zm\u011Bnu nebo aktualizaci kl\xED\u010D\u016F, v\u010Detn\u011B\
            \ pravidel, kdy a jak kl\xED\u010De m\u011Bnit;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c.vi
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c
      ref_id: 9.2.c.vi
      description: dealing with compromised keys;
      translations:
        es:
          name: null
          description: gestionar las claves en riesgo;
        cs:
          name: null
          description: "nakl\xE1d\xE1n\xED s napaden\xFDmi kl\xED\u010Di;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c.vii
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c
      ref_id: 9.2.c.vii
      description: revoking keys including how to withdraw or deactivate keys;
      translations:
        es:
          name: null
          description: "anular claves, incluida informaci\xF3n sobre c\xF3mo retirarlas\
            \ o desactivarlas;"
        cs:
          name: null
          description: "zru\u0161en\xED kl\xED\u010D\u016F v\u010Detn\u011B zp\u016F\
            sobu jejich odebr\xE1n\xED nebo deaktivace;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c.viii
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c
      ref_id: 9.2.c.viii
      description: recovering lost or corrupted keys;
      translations:
        es:
          name: null
          description: recuperar las claves perdidas o corrompidas;
        cs:
          name: null
          description: "obnoven\xED ztracen\xFDch nebo po\u0161kozen\xFDch kl\xED\u010D\
            \u016F;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c.ix
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c
      ref_id: 9.2.c.ix
      description: backing up or archiving keys;
      translations:
        es:
          name: null
          description: hacer copias de seguridad y crear archivos de las claves;
        cs:
          name: null
          description: "z\xE1lohov\xE1n\xED nebo archivaci kl\xED\u010D\u016F;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c.x
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c
      ref_id: 9.2.c.x
      description: destroying keys;
      translations:
        es:
          name: null
          description: destruir claves;
        cs:
          name: null
          description: "ni\u010Den\xED kl\xED\u010D\u016F;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c.xi
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c
      ref_id: 9.2.c.xi
      description: logging and auditing of key management-related activities;
      translations:
        es:
          name: null
          description: "hacer un registro y auditar las actividades relativas a la\
            \ gesti\xF3n de claves."
        cs:
          name: null
          description: "veden\xED protokol\u016F a prov\xE1d\u011Bn\xED auditu kl\xED\
            \u010Dov\xFDch \u010Dinnost\xED souvisej\xEDc\xEDch s \u0159\xEDzen\xED\
            m;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c.xii
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.2.c
      ref_id: 9.2.c.xii
      description: setting activation and deactivation dates for keys ensuring that
        the keys can only be used for the specified period of time according to the
        organization's rules on key management.
      translations:
        es:
          name: null
          description: "fijar las fechas de activaci\xF3n y desactivaci\xF3n de las\
            \ claves asegur\xE1ndose de que estas solo pueden utilizarse durante el\
            \ per\xEDodo de tiempo especificado de acuerdo con las normas de gesti\xF3\
            n de claves de la organizaci\xF3n."
        cs:
          name: null
          description: "nastaven\xED dat pro aktivaci a deaktivaci kl\xED\u010D\u016F\
            , aby se zajistilo, \u017Ee kl\xED\u010De lze pou\u017E\xEDvat pouze po\
            \ stanovenou dobu v souladu s pravidly organizace pro spr\xE1vu kl\xED\
            \u010D\u016F.\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9.3
      assessable: true
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:9
      ref_id: '9.3'
      description: The relevant entities shall review and, where appropriate, update
        their policy and procedures at planned intervals, taking into account the
        state of the art in cryptography.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes revisar\xE1n y, cuando proceda,\
            \ actualizar\xE1n las orientaciones y los procedimientos a intervalos\
            \ planificados teniendo en cuenta los \xFAltimos avances en criptograf\xED\
            a."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty v pl\xE1novan\xFDch intervalech\
            \ p\u0159ezkoum\xE1vaj\xED a v p\u0159\xEDpad\u011B pot\u0159eby aktualizuj\xED\
            \ sv\xE9 z\xE1sady a postupy s ohledem na nejnov\u011Bj\u0161\xED poznatky\
            \ v oblasti kryptografie."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10
      assessable: false
      depth: 1
      ref_id: '10'
      name: HUMAN RESOURCES SECURITY (ARTICLE 21(2), POINT (I), OF DIRECTIVE (EU)
        2022/2555)
      translations:
        es:
          name: "SEGURIDAD DE LOS RECURSOS HUMANOS [Art\xEDculo 21, Apartado 2, Letra\
            \ I), de la directiva (UE) 2022/2555]"
          description: null
        cs:
          name: "Bezpe\u010Dnost lidsk\xFDch zdroj\u016F (\u010Dl. 21 odst. 2 p\xED\
            sm. i) sm\u011Brnice (EU) 2022/2555)"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.1
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10
      ref_id: '10.1'
      name: Human resources security
      translations:
        es:
          name: Seguridad de los recursos humanos
          description: null
        cs:
          name: "Bezpe\u010Dnost lidsk\xFDch zdroj\u016F"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.1.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.1
      ref_id: 10.1.1
      description: " For the purpose of Article 21(2), point (i) of Directive (EU)\
        \ 2022/2555, the relevant entities shall ensure that their employees and direct\
        \ suppliers and service providers, wherever applicable, understand and commit\
        \ to their security responsibilities, as appropriate for the offered services\
        \ and the job and in line with the relevant entities\u2019 policy on the security\
        \ of network and information systems."
      translations:
        es:
          name: null
          description: "A los efectos del art\xEDculo 21, apartado 2, letra i), de\
            \ la Directiva (UE) 2022/2555, las entidades pertinentes se asegurar\xE1\
            n de que sus empleados y sus proveedores y prestadores de servicios directos,\
            \ cuando proceda, entiendan sus responsabilidades en materia de seguridad\
            \ y se comprometan a ellas, seg\xFAn convenga con relaci\xF3n a los servicios\
            \ ofrecidos y el puesto de trabajo y en consonancia con la pol\xEDtica\
            \ de seguridad de los sistemas de redes y de informaci\xF3n de la entidad\
            \ pertinente."
        cs:
          name: null
          description: "Pro \xFA\u010Dely \u010Dl. 21 odst. 2 p\xEDsm. i) sm\u011B\
            rnice (EU) 2022/2555 p\u0159\xEDslu\u0161n\xE9 subjekty zajist\xED, aby\
            \ jejich zam\u011Bstnanci a p\u0159\xEDpadn\u011B p\u0159\xEDm\xED dodavatel\xE9\
            \ a poskytovatel\xE9 slu\u017Eeb porozum\u011Bli sv\xFDm povinnostem t\xFD\
            kaj\xEDc\xEDm se bezpe\u010Dnosti a aby se k jejich dodr\u017Eov\xE1n\xED\
            \ zav\xE1zali, a to v n\xE1vaznosti na poskytovan\xE9 slu\u017Eby a pracovn\xED\
            \ m\xEDsta a v souladu s politikou p\u0159\xEDslu\u0161n\xFDch subjekt\u016F\
            \ v oblasti bezpe\u010Dnosti s\xEDt\xED a informa\u010Dn\xEDch syst\xE9\
            m\u016F."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.1.2
      assessable: false
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.1
      ref_id: 10.1.2
      description: 'The requirement referred to in point 10.1.1. shall include the
        following:'
      translations:
        es:
          name: null
          description: "El requisito contemplado en el punto 10.1.1 incluir\xE1 lo\
            \ siguiente:"
        cs:
          name: null
          description: "Po\u017Eadavek uveden\xFD v bod\u011B 10.1.1 mus\xED zahrnovat:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.1.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.1.2
      ref_id: 10.1.2.a
      description: mechanisms to ensure that all employees, direct suppliers and service
        providers, wherever applicable, understand and follow the standard cyber hygiene
        practices that the relevant entities apply pursuant to point 8.1.;
      translations:
        es:
          name: null
          description: "mecanismos para garantizar que todos los empleados, proveedores\
            \ y prestadores de servicios directos, cuando proceda, entiendan y respeten\
            \ las pr\xE1cticas est\xE1ndar de ciberhigiene aplicadas por las entidades\
            \ pertinentes de acuerdo con el punto 8.1;"
        cs:
          name: null
          description: "mechanismy, kter\xE9 zajist\xED, aby v\u0161ichni zam\u011B\
            stnanci, p\u0159\xEDpadn\u011B p\u0159\xEDm\xED dodavatel\xE9 a poskytovatel\xE9\
            \ slu\u017Eeb porozum\u011Bli standardn\xEDm postup\u016Fm v oblasti kybernetick\xE9\
            \ hygieny, kter\xE9 p\u0159\xEDslu\u0161n\xE9 subjekty uplat\u0148uj\xED\
            \ podle bodu 8.1, a aby je dodr\u017Eovali;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.1.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.1.2
      ref_id: 10.1.2.b
      description: mechanisms to ensure that all users with administrative or privileged
        access are aware of and act in accordance with their roles, responsibilities
        and authorities;
      translations:
        es:
          name: null
          description: "mecanismos para garantizar que todos los usuarios que dispongan\
            \ de acceso de administraci\xF3n o privilegiado conozcan sus roles, responsabilidades\
            \ y autoridades y act\xFAen de conformidad con ellos;"
        cs:
          name: null
          description: "mechanismy, kter\xE9 zajist\xED, aby si v\u0161ichni u\u017E\
            ivatel\xE9 s administr\xE1torsk\xFDm nebo privilegovan\xFDm p\u0159\xED\
            stupem byli v\u011Bdomi sv\xFDch \xFAkol\u016F, odpov\u011Bdnost\xED a\
            \ pravomoc\xED a jednali v souladu s nimi;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.1.2.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.1.2
      ref_id: 10.1.2.c
      description: mechanisms to ensure that members of management bodies understand
        and act in accordance with their role, responsibilities and authorities regarding
        network and information system security;
      translations:
        es:
          name: null
          description: "mecanismos para garantizar que los miembros de los \xF3rganos\
            \ de direcci\xF3n conozcan sus roles, responsabilidades y autoridades\
            \ y act\xFAen de conformidad con ellos en lo que se refiere a la seguridad\
            \ de los sistemas de redes y de informaci\xF3n;"
        cs:
          name: null
          description: "mechanismy, kter\xE9 zajist\xED, aby \u010Dlenov\xE9 \u0159\
            \xEDd\xEDc\xEDch org\xE1n\u016F porozum\u011Bli sv\xFDm \xFAkol\u016F\
            m, odpov\u011Bdnostem a pravomoc\xEDm v oblasti bezpe\u010Dnosti s\xED\
            t\xED a informa\u010Dn\xEDch syst\xE9m\u016F a aby jednali v souladu s\
            \ nimi;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.1.2.d
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.1.2
      ref_id: 10.1.2.d
      description: mechanisms for hiring personnel qualified for the respective roles,
        such as reference checks, vetting procedures, validation of certifications,
        or written tests.
      translations:
        es:
          name: null
          description: "mecanismos para contratar personal cualificado para los roles\
            \ correspondientes, como por ejemplo, los controles de referencia, los\
            \ procedimientos de evaluaci\xF3n, la validaci\xF3n de certificaciones\
            \ o las pruebas escritas."
        cs:
          name: null
          description: "mechanismy pro n\xE1bor pracovn\xEDk\u016F maj\xEDc\xEDch\
            \ kvalifikaci pro p\u0159\xEDslu\u0161n\xE9 funkce, jako jsou ov\u011B\
            \u0159en\xED referenc\xED, postupy prov\u011B\u0159ov\xE1n\xED, ov\u011B\
            \u0159ov\xE1n\xED certifik\xE1t\u016F nebo p\xEDsemn\xE9 testy.\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.1.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.1
      ref_id: 10.1.3
      description: The relevant entities shall review the assignment of personnel
        to specific roles as referred to in point 1.2., as well as their commitment
        of human resources in that regard, at planned intervals and at least annually.
        They shall update the assignment where necessary.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes revisar\xE1n la asignaci\xF3n de\
            \ personal a roles espec\xEDficos, tal como se recoge en el punto 1.2,\
            \ as\xED como su atribuci\xF3n de recursos humanos a este respecto, a\
            \ intervalos planificados y al menos una vez al a\xF1o. Las entidades\
            \ actualizar\xE1n la asignaci\xF3n cuando sea necesario."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty v pl\xE1novan\xFDch intervalech,\
            \ nejm\xE9n\u011B v\u0161ak jednou ro\u010Dn\u011B, p\u0159ezkoumaj\xED\
            \ za\u0159azen\xED pracovn\xEDk\u016F na konkr\xE9tn\xED funkce uveden\xE9\
            \ v bod\u011B 1.2 a vy\u010Dlen\u011Bn\xED lidsk\xFDch zdroj\u016F v tomto\
            \ ohledu. V p\u0159\xEDpad\u011B pot\u0159eby za\u0159azen\xED aktualizuj\xED\
            ."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.2
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10
      ref_id: '10.2'
      name: Vulnerability handling and disclosure
      translations:
        es:
          name: "Comprobaci\xF3n de antecedentes"
          description: null
        cs:
          name: "Ov\u011B\u0159en\xED spolehlivosti"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.2.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.2
      ref_id: 10.2.1
      description: The relevant entities shall ensure to the extent feasible verification
        of the background of their employees, and where applicable of direct suppliers
        and service providers in accordance with point 5.1.4, if necessary for their
        role, responsibilities and authorisations.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes se asegurar\xE1n, en la medida posible,\
            \ de comprobar los antecedentes personales de sus empleados y, cuando\
            \ proceda, de sus proveedores y prestadores de servicios directos, de\
            \ conformidad con el apartado 5.1.4, cuando resulte necesario para sus\
            \ roles, responsabilidades y autoridades."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty v provediteln\xE9m rozsahu\
            \ zajist\xED, aby se u jejich zam\u011Bstnanc\u016F a v p\u0159\xEDslu\u0161\
            n\xFDch p\u0159\xEDpadech u p\u0159\xEDm\xFDch dodavatel\u016F a poskytovatel\u016F\
            \ slu\u017Eeb prov\xE1d\u011Blo ov\u011B\u0159ov\xE1n\xED spolehlivosti\
            \ v souladu s bodem 5.1.4, pokud to vy\u017Eaduj\xED jejich \xFAkoly,\
            \ povinnosti a opr\xE1vn\u011Bn\xED."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.2.2
      assessable: false
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.2
      ref_id: 10.2.2
      description: 'For the purpose of point 10.2.1., the relevant entities shall:'
      translations:
        es:
          name: null
          description: 'A los efectos del punto 10.2.1, las entidades pertinentes:'
        cs:
          name: null
          description: "Pro \xFA\u010Dely bodu 10.2.1 p\u0159\xEDslu\u0161n\xE9 subjekty:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.2.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.2.2
      ref_id: 10.2.2.a
      description: put in place criteria, which set out which roles, responsibilities
        and authorities shall only be exercised by persons whose background has been
        verified;
      translations:
        es:
          name: null
          description: "aplicar\xE1n criterios que establezcan qu\xE9 roles, responsabilidades\
            \ y autoridades deben ejercer exclusivamente aquellas personas cuyos antecedentes\
            \ hayan sido comprobados;"
        cs:
          name: null
          description: "zavedou krit\xE9ria, kter\xE1 stanov\xED, kter\xE9 \xFAkoly,\
            \ odpov\u011Bdnosti a pravomoci mohou vykon\xE1vat pouze osoby, jejich\u017E\
            \ spolehlivost byla ov\u011B\u0159ena;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.2.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.2.2
      ref_id: 10.2.2.b
      description: ensure that verification referred to in point 10.2.1 is performed
        on these persons before they start exercising these roles, responsibilities
        and authorities, which shall take into consideration the applicable laws,
        regulations, and ethics in proportion to the business requirements, the asset
        classification as referred to in point 12.1. and the network and information
        systems to be accessed, and the perceived risks.
      translations:
        es:
          name: null
          description: "se asegurar\xE1n de que estas comprobaciones contempladas\
            \ en el punto 10.2.1 se lleven a cabo antes de que estas personas empiecen\
            \ a ejercer dichos roles, responsabilidades y autoridades, que tendr\xE1\
            n en cuenta las disposiciones legales, normativas y \xE9ticas aplicables\
            \ en proporci\xF3n a los requisitos operativos, la clasificaci\xF3n de\
            \ activos contemplada en el apartado 12.1 y los sistemas de redes y de\
            \ informaci\xF3n a los que va a accederse, as\xED como los riesgos percibidos."
        cs:
          name: null
          description: "zajist\xED, aby ov\u011B\u0159en\xED spolehlivosti t\u011B\
            chto osob uveden\xE9 v bod\u011B 10.2.1, kter\xE9 vezme v potaz platn\xE9\
            \ z\xE1kony, p\u0159edpisy a etick\xE9 z\xE1sady \xFAm\u011Brn\u011B k\
            \ obchodn\xEDm po\u017Eadavk\u016Fm, ke klasifikaci aktiv podle bodu 12.1,\
            \ k s\xEDt\xEDm a informa\u010Dn\xEDm syst\xE9m\u016Fm, k nim\u017E maj\xED\
            \ m\xEDt p\u0159\xEDstup, a vn\xEDman\xFDm rizik\u016Fm bylo provedeno\
            \ p\u0159ed t\xEDm, ne\u017E tyto osoby za\u010Dnou vykon\xE1vat dan\xE9\
            \ \xFAkoly, odpov\u011Bdnosti a pravomoci.\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.2.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.2
      ref_id: 10.2.3
      description: The relevant entities shall review and, where appropriate, update
        the policy at planned intervals and update it where necessary.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes revisar\xE1n la pol\xEDtica a intervalos\
            \ planificados y la actualizar\xE1n seg\xFAn proceda."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty tuto politiku v pl\xE1\
            novan\xFDch intervalech p\u0159ezkoum\xE1vaj\xED a v p\u0159\xEDpad\u011B\
            \ pot\u0159eby aktualizuj\xED a v p\u0159\xEDpad\u011B pot\u0159eby ji\
            \ aktualizuj\xED."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.3
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10
      ref_id: '10.3'
      name: Termination or change of employment procedures
      translations:
        es:
          name: "Terminaci\xF3n o cambio de los procedimientos de contrataci\xF3n"
          description: null
        cs:
          name: "Postup p\u0159i ukon\u010Den\xED nebo zm\u011Bn\u011B pracovn\xED\
            ho pom\u011Bru"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.3.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.3
      ref_id: 10.3.1
      description: The relevant entities shall ensure that network and information
        system security responsibilities and duties that remain valid after termination
        or change of employment of their employees are contractually defined and enforced.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes se asegurar\xE1n de que la seguridad\
            \ de los sistemas de redes y de informaci\xF3n y las tareas que sigan\
            \ siendo v\xE1lidas tras la terminaci\xF3n o el cambio de empleo de sus\
            \ empleados se definan y ejecuten contractualmente."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty zajist\xED, aby byly smluvn\u011B\
            \ vymezeny a vym\xE1h\xE1ny odpov\u011Bdnosti a povinnosti v oblasti bezpe\u010D\
            nosti s\xEDt\xED a informa\u010Dn\xEDch syst\xE9m\u016F, kter\xE9 z\u016F\
            st\xE1vaj\xED v platnosti i po ukon\u010Den\xED nebo zm\u011Bn\u011B pracovn\xED\
            ho pom\u011Bru jejich zam\u011Bstnanc\u016F."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.3.2
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.3
      ref_id: 10.3.2
      description: "For the purpose of point 10.3.1., the relevant entities shall\
        \ include in the individual\u2019s terms and conditions of employment, contract\
        \ or agreement the responsibilities and duties that are still valid after\
        \ termination of employment or contract, such as confidentiality clauses."
      translations:
        es:
          name: null
          description: "A los efectos del punto 10.3.1, las entidades pertinentes\
            \ recoger\xE1n en las condiciones de empleo, contrato o acuerdo de cada\
            \ persona, las responsabilidades y funciones que siguen teniendo validez\
            \ una vez finalizado el empleo o contrato, como por ejemplo las cl\xE1\
            usulas de confidencialidad."
        cs:
          name: null
          description: "Pro \xFA\u010Dely bodu 10.3.1 p\u0159\xEDslu\u0161n\xE9 subjekty\
            \ za\u010Dlen\xED do pracovn\xEDch podm\xEDnek, smlouvy nebo dohody fyzick\xE9\
            \ osoby odpov\u011Bdnosti a povinnosti, kter\xE9 z\u016Fst\xE1vaj\xED\
            \ v platnosti i po ukon\u010Den\xED pracovn\xEDho pom\u011Bru nebo smlouvy,\
            \ nap\u0159\xEDklad ustanoven\xED o d\u016Fv\u011Brnosti."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.4
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10
      ref_id: '10.4'
      name: Disciplinary process
      translations:
        es:
          name: Procedimiento disciplinario
          description: null
        cs:
          name: "Disciplin\xE1rn\xED \u0159\xEDzen\xED"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.4.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.4
      ref_id: 10.4.1
      description: The relevant entities shall establish, communicate and maintain
        a disciplinary process for handling violations of network and information
        system security policies. The process shall take into consideration relevant
        legal, statutory, contractual and business requirements.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes establecer\xE1n, comunicar\xE1n\
            \ y mantendr\xE1n un procedimiento disciplinario para gestionar los incumplimientos\
            \ de las pol\xEDticas de seguridad de los sistemas de redes y de informaci\xF3\
            n. El proceso tendr\xE1 en cuenta los requisitos legales, estatutarios,\
            \ contractuales y empresariales pertinentes."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty zavedou, sd\u011Bl\xED\
            \ a udr\u017Euj\xED disciplin\xE1rn\xED postup pro \u0159e\u0161en\xED\
            \ poru\u0161en\xED politik bezpe\u010Dnosti s\xEDt\xED a informa\u010D\
            n\xEDch syst\xE9m\u016F. Tento postup zohled\u0148uje p\u0159\xEDslu\u0161\
            n\xE9 pr\xE1vn\xED, z\xE1konn\xE9, smluvn\xED a obchodn\xED po\u017Eadavky."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.4.2
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:10.4
      ref_id: 10.4.2
      description: The relevant entities shall review and, where appropriate, update
        the disciplinary process at planned intervals, and when necessary due to legal
        changes or significant changes to operations or risks.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes revisar\xE1n y, cuando proceda,\
            \ actualizar\xE1n los procedimientos disciplinarios a intervalos planificados\
            \ o cuando resulte necesario debido a cambios jur\xEDdicos o cambios significativos\
            \ en las operaciones o los riesgos."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty v pl\xE1novan\xFDch intervalech\
            \ a v p\u0159\xEDpad\u011B pot\u0159eby v d\u016Fsledku pr\xE1vn\xEDch\
            \ zm\u011Bn nebo v\xFDznamn\xFDch zm\u011Bn operac\xED \u010Di rizik disciplin\xE1\
            rn\xED postup p\u0159ezkoum\xE1vaj\xED a v p\u0159\xEDpad\u011B pot\u0159\
            eby aktualizuj\xED."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11
      assessable: false
      depth: 1
      ref_id: '11'
      name: ACCESS CONTROL (ARTICLE 21(2), POINTS (I) AND (J), OF DIRECTIVE (EU) 2022/2555)
      translations:
        es:
          name: "CONTROL DE ACCESOS [Art\xEDculo 21, Apartado 2, Letras I) y J), de\
            \ la directiva (UE) 2022/2555]"
          description: null
        cs:
          name: "Kontrola p\u0159\xEDstupu (\u010Dl. 21 odst. 2 p\xEDsm. i) a j) sm\u011B\
            rnice (EU) 2022/2555)"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.1
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11
      ref_id: '11.1'
      name: Access control policy
      translations:
        es:
          name: "Pol\xEDtica de control de accesos"
          description: null
        cs:
          name: "Postup kontroly p\u0159\xEDstupu"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.1.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.1
      ref_id: 11.1.1
      description: For the purpose of Article 21(2), point (i) of Directive (EU) 2022/2555,
        the relevant entities shall establish, document and implement logical and
        physical access control policies for the access to their network and information
        systems, based on business requirements as well as network and information
        system security requirements.
      translations:
        es:
          name: null
          description: "A los efectos del art\xEDculo 21, apartado 2, letra i), de\
            \ la Directiva (UE) 2022/2555, las entidades pertinentes establecer\xE1\
            n, documentar\xE1n y pondr\xE1n en marcha pol\xEDticas de control de acceso\
            \ l\xF3gico y f\xEDsico relativas al acceso a sus sistemas de redes y\
            \ de informaci\xF3n; bas\xE1ndose en requisitos empresariales y en requisitos\
            \ de seguridad de los sistemas de redes y de informaci\xF3n."
        cs:
          name: null
          description: "Pro \xFA\u010Dely \u010Dl. 21 odst. 2 p\xEDsm. i) sm\u011B\
            rnice (EU) 2022/2555 p\u0159\xEDslu\u0161n\xE9 subjekty stanov\xED, zdokumentuj\xED\
            \ a zavedou politiky \u0159\xEDzen\xED logick\xE9ho a fyzick\xE9ho p\u0159\
            \xEDstupu k jejich s\xEDt\xEDm a informa\u010Dn\xEDm syst\xE9m\u016Fm\
            \ na z\xE1klad\u011B obchodn\xEDch po\u017Eadavk\u016F a po\u017Eadavk\u016F\
            \ na bezpe\u010Dnost s\xEDt\xED a informa\u010Dn\xEDho syst\xE9mu."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.1.2
      assessable: false
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.1
      ref_id: 11.1.2
      description: 'The policies referred to in point 11.1.1. shall:'
      translations:
        es:
          name: null
          description: "La pol\xEDtica a que hace referencia el punto 11.1.1 se encargar\xE1\
            \ de lo siguiente:"
        cs:
          name: null
          description: "Politiky uveden\xE9 v bod\u011B 11.1.1:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.1.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.1.2
      ref_id: 11.1.2.a
      description: address access by persons, including staff, visitors, and external
        entities such as suppliers and service providers;
      translations:
        es:
          name: null
          description: el acceso de personas, como el personal, los visitantes y las
            entidades externas, como los proveedores y prestadores de servicios;
        cs:
          name: null
          description: "\u0159e\u0161\xED p\u0159\xEDstup ze strany osob, v\u010D\
            etn\u011B zam\u011Bstnanc\u016F, n\xE1v\u0161t\u011Bvn\xEDk\u016F a extern\xED\
            ch subjekt\u016F, jako jsou dodavatel\xE9 a poskytovatel\xE9 slu\u017E\
            eb;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.1.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.1.2
      ref_id: 11.1.2.b
      description: address access by network and information systems;
      translations:
        es:
          name: null
          description: "el acceso por parte de los sistemas de redes y de informaci\xF3\
            n;"
        cs:
          name: null
          description: "\u0159e\u0161\xED p\u0159\xEDstup prost\u0159ednictv\xEDm\
            \ s\xEDt\xED a informa\u010Dn\xEDch syst\xE9m\u016F;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.1.2.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.1.2
      ref_id: 11.1.2.c
      description: ensure that access is only granted to users that have been adequately
        authenticated.
      translations:
        es:
          name: null
          description: garantizar que solo se autorice el acceso a usuarios que hayan
            sido debidamente autenticados.
        cs:
          name: null
          description: "zajist\xED, aby byl p\u0159\xEDstup ud\u011Blen pouze u\u017E\
            ivatel\u016Fm, kte\u0159\xED byli \u0159\xE1dn\u011B ov\u011B\u0159eni.\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.1.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.1
      ref_id: 11.1.3
      description: The relevant entities shall review and, where appropriate, update
        the policies at planned intervals and when significant incidents or significant
        changes to operations or risks occur.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes revisar\xE1n y, cuando proceda,\
            \ actualizar\xE1n las pol\xEDticas a intervalos planificados o cuando\
            \ se produzcan incidentes significativos o cambios significativos en las\
            \ operaciones o los riesgos."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty tyto politiky p\u0159ezkoum\xE1\
            vaj\xED a v p\u0159\xEDpad\u011B pot\u0159eby aktualizuj\xED v pl\xE1\
            novan\xFDch intervalech a p\u0159i v\xFDskytu v\xFDznamn\xFDch incident\u016F\
            \ nebo v\xFDznamn\xFDch zm\u011Bn operac\xED \u010Di rizik."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11
      ref_id: '11.2'
      name: Management of access rights
      translations:
        es:
          name: "Gesti\xF3n de derechos de acceso"
          description: null
        cs:
          name: "Spr\xE1va p\u0159\xEDstupov\xFDch pr\xE1v"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2
      ref_id: 11.2.1
      description: The relevant entities shall provide, modify, remove and document
        access rights to network and information systems in accordance with the access
        control policy referred to in point 11.1.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes ofrecer\xE1n, modificar\xE1n, retirar\xE1\
            n y documentar\xE1n los derechos de acceso a los sistemas de redes y de\
            \ informaci\xF3n de conformidad con la pol\xEDtica de control de accesos\
            \ prevista en el punto 11.1."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty poskytuj\xED, upravuj\xED\
            , odeb\xEDraj\xED a dokumentuj\xED p\u0159\xEDstupov\xE1 pr\xE1va k s\xED\
            t\xEDm a informa\u010Dn\xEDm syst\xE9m\u016Fm v souladu s politikou \u0159\
            \xEDzen\xED p\u0159\xEDstupu uvedenou v bod\u011B 11.1."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2.2
      assessable: false
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2
      ref_id: 11.2.2
      description: 'The relevant entities shall:'
      translations:
        es:
          name: null
          description: 'Las entidades pertinentes:'
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2.2
      ref_id: 11.2.2.a
      description: assign and revoke access rights based on the principles of need-to-know,
        least privilege and separation of duties;
      translations:
        es:
          name: null
          description: "conceder\xE1n y retirar\xE1n los derechos de acceso sobre\
            \ la base de los principios de necesidad de conocer, el m\xEDnimo privilegio\
            \ y separaci\xF3n de competencias;"
        cs:
          name: null
          description: "p\u0159id\u011Bluj\xED a odeb\xEDraj\xED p\u0159\xEDstupov\xE1\
            \ pr\xE1va podle z\xE1sady \u201Epot\u0159eba v\u011Bd\u011Bt\u201C, z\xE1\
            sady minim\xE1ln\xEDch pr\xE1v a z\xE1sady odd\u011Blen\xED funkc\xED\
            ;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2.2
      ref_id: 11.2.2.b
      description: ensure that access rights are modified accordingly upon termination
        or change of employment;
      translations:
        es:
          name: null
          description: "velar\xE1n por que los derechos de acceso se modifiquen en\
            \ consecuencia tras la terminaci\xF3n o el cambio de empleo;"
        cs:
          name: null
          description: "zajist\xED, aby byla p\u0159\xEDstupov\xE1 pr\xE1va p\u0159\
            i ukon\u010Den\xED nebo zm\u011Bn\u011B pracovn\xEDho pom\u011Bru odpov\xED\
            daj\xEDc\xEDm zp\u016Fsobem upravena;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2.2.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2.2
      ref_id: 11.2.2.c
      description: ensure that access to network and information systems is authorised
        by the relevant persons;
      translations:
        es:
          name: null
          description: "velar\xE1n por que las personas pertinentes autoricen el acceso\
            \ a los sistemas de redes y de informaci\xF3n;"
        cs:
          name: null
          description: "zajist\xED, aby p\u0159\xEDstup k s\xEDt\xEDm a informa\u010D\
            n\xEDm syst\xE9m\u016Fm byl autorizov\xE1n p\u0159\xEDslu\u0161n\xFDmi\
            \ osobami;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2.2.d
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2.2
      ref_id: 11.2.2.d
      description: ensure that access rights appropriately address third-party access,
        such as visitors, suppliers and service providers, in particular by limiting
        access rights in scope and in duration;
      translations:
        es:
          name: null
          description: "velar\xE1n por que los derechos de acceso se encarguen debidamente\
            \ del acceso de terceros, como visitantes o proveedores y prestadores\
            \ de servicios, especialmente limitando los derechos de acceso en su alcance\
            \ y duraci\xF3n;"
        cs:
          name: null
          description: "zajist\xED, aby p\u0159\xEDstupov\xE1 pr\xE1va vhodn\u011B\
            \ \u0159e\u0161ila p\u0159\xEDstup t\u0159et\xEDch stran, jako jsou n\xE1\
            v\u0161t\u011Bvn\xEDci, dodavatel\xE9 a poskytovatel\xE9 slu\u017Eeb,\
            \ zejm\xE9na omezen\xEDm rozsahu a doby trv\xE1n\xED p\u0159\xEDstupov\xFD\
            ch pr\xE1v;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2.2.e
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2.2
      ref_id: 11.2.2.e
      description: maintain a register of access rights granted;
      translations:
        es:
          name: null
          description: "mantendr\xE1n un registro de los derechos de acceso concedidos;"
        cs:
          name: null
          description: "vedou registr ud\u011Blen\xFDch p\u0159\xEDstupov\xFDch pr\xE1\
            v;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2.2.f
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2.2
      ref_id: 11.2.2.f
      description: apply logging to the management of access rights.
      translations:
        es:
          name: null
          description: "realizar\xE1n un registro de la gesti\xF3n de los derechos\
            \ de acceso."
        cs:
          name: null
          description: "pou\u017E\xEDvaj\xED veden\xED protokol\u016F pro spr\xE1\
            vu p\u0159\xEDstupov\xFDch pr\xE1v.\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.2
      ref_id: 11.2.3
      description: The relevant entities shall review access rights at planned intervals
        and shall modify them based on organisational changes. The relevant entities
        shall document the results of the review including the necessary changes of
        access rights.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes revisar\xE1n los derechos de acceso\
            \ a intervalos planificados y los modificar\xE1n seg\xFAn los cambios\
            \ organizativos. Las entidades pertinentes documentar\xE1n los resultados\
            \ de la revisi\xF3n e incluir\xE1n los cambios necesarios de los derechos\
            \ de acceso."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty v pl\xE1novan\xFDch intervalech\
            \ p\u0159ezkoum\xE1vaj\xED p\u0159\xEDstupov\xE1 pr\xE1va a upravuj\xED\
            \ je na z\xE1klad\u011B organiza\u010Dn\xEDch zm\u011Bn. P\u0159\xEDslu\u0161\
            n\xE9 subjekty zdokumentuj\xED v\xFDsledky p\u0159ezkumu v\u010Detn\u011B\
            \ nezbytn\xFDch zm\u011Bn p\u0159\xEDstupov\xFDch pr\xE1v."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.3
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11
      ref_id: '11.3'
      name: Privileged accounts and system administration accounts
      translations:
        es:
          name: "Cuentas privilegiadas y cuentas de administraci\xF3n del sistema"
          description: null
        cs:
          name: "Administr\xE1torsk\xE9 \xFA\u010Dty a \xFA\u010Dty pro spr\xE1vu\
            \ syst\xE9mu"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.3.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.3
      ref_id: 11.3.1
      description: The relevant entities shall maintain policies for management of
        privileged accounts and system administration accounts as part of the access
        control policy referred to in point 11.1.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes dispondr\xE1n de orientaciones para\
            \ la gesti\xF3n de cuentas privilegiadas y cuentas de administraci\xF3\
            n del sistema como parte de la pol\xEDtica de control de acceso contemplada\
            \ en el punto 11.1."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty udr\u017Euj\xED politiky\
            \ pro spr\xE1vu administr\xE1torsk\xFDch \xFA\u010Dt\u016F a \xFA\u010D\
            t\u016F pro spr\xE1vu syst\xE9mu jako sou\u010D\xE1st politiky \u0159\xED\
            zen\xED p\u0159\xEDstupu uvedenou v bod\u011B 11.1."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.3.2
      assessable: false
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.3
      ref_id: 11.3.2
      description: 'The policies referred to in point 11.3.1. shall:'
      translations:
        es:
          name: null
          description: "La pol\xEDtica a que hace referencia el punto 11.3.1 se encargar\xE1\
            \ de lo siguiente:"
        cs:
          name: null
          description: "Politiky uveden\xE9 v bod\u011B 11.3.1:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.3.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.3.2
      ref_id: 11.3.2.a
      description: establish strong identification, authentication such as multi-factor
        authentication, and authorisation procedures for privileged accounts and system
        administration accounts;
      translations:
        es:
          name: null
          description: "establecer procedimientos s\xF3lidos de identificaci\xF3n\
            \ y autenticaci\xF3n, como la autenticaci\xF3n de m\xFAltiples factores,\
            \ y procedimientos de autorizaci\xF3n para cuentas privilegiadas y cuentas\
            \ de administraci\xF3n del sistema;"
        cs:
          name: null
          description: "zav\xE1d\u011Bj\xED silnou identifikaci, autentizaci, jako\
            \ je nap\u0159. v\xEDcefaktorov\xE1 autentizace, a postupy schvalov\xE1\
            n\xED pro administr\xE1torsk\xE9 \xFA\u010Dty a \xFA\u010Dty pro spr\xE1\
            vu syst\xE9mu;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.3.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.3.2
      ref_id: 11.3.2.b
      description: set up specific accounts to be used for system administration operations
        exclusively, such as installation, configuration, management or maintenance;
      translations:
        es:
          name: null
          description: "crear cuentas espec\xEDficas que vayan a utilizarse exclusivamente\
            \ para operaciones de administraci\xF3n del sistema, tales como la instalaci\xF3\
            n, la configuraci\xF3n, la gesti\xF3n o el mantenimiento;"
        cs:
          name: null
          description: "z\u0159izuj\xED specifick\xE9 \xFA\u010Dty, kter\xE9 se budou\
            \ pou\u017E\xEDvat v\xFDhradn\u011B pro operace spr\xE1vy syst\xE9mu,\
            \ jako je instalace, konfigurace, spr\xE1va nebo \xFAdr\u017Eba;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.3.2.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.3.2
      ref_id: 11.3.2.c
      description: individualise and restrict system administration privileges to
        the highest extent possible,
      translations:
        es:
          name: null
          description: "personalizar y restringir en la mayor medida posible los privilegios\
            \ de la administraci\xF3n del sistema;"
        cs:
          name: null
          description: "v maxim\xE1ln\xED mo\u017En\xE9 m\xED\u0159e individualizuj\xED\
            \ a omezuj\xED opr\xE1vn\u011Bn\xED pro spr\xE1vu syst\xE9mu;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.3.2.d
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.3.2
      ref_id: 11.3.2.d
      description: provide that system administration accounts are only used to connect
        to system administration systems.
      translations:
        es:
          name: null
          description: "prever que las cuentas de administraci\xF3n del sistema solo\
            \ se utilicen para conectarse a los sistemas de administraci\xF3n correspondientes."
        cs:
          name: null
          description: "zajist\xED, aby se \xFA\u010Dty pro spr\xE1vu syst\xE9mu pou\u017E\
            \xEDvaly pouze pro p\u0159ipojen\xED k syst\xE9m\u016Fm pro spr\xE1vu\
            \ syst\xE9mu.\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.3.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.3
      ref_id: 11.3.3
      description: ' The relevant entities shall review access rights of privileged
        accounts and system administration accounts at planned intervals and be modified
        based on organisational changes, and shall document the results of the review,
        including the necessary changes of access rights.'
      translations:
        es:
          name: null
          description: "Las entidades pertinentes revisar\xE1n los derechos de acceso\
            \ de las cuentas privilegiadas y las cuentas de administraci\xF3n del\
            \ sistema a intervalos planificados, los modificar\xE1n teniendo en cuenta\
            \ los cambios organizativos y documentar\xE1n los resultados de la revisi\xF3\
            n, incluidos los cambios necesarios en los derechos de acceso."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty v pl\xE1novan\xFDch intervalech\
            \ p\u0159ezkoum\xE1vaj\xED p\u0159\xEDstupov\xE1 pr\xE1va administr\xE1\
            torsk\xFDch \xFA\u010Dt\u016F a \xFA\u010Dt\u016F pro spr\xE1vu syst\xE9\
            mu, kter\xE1 upravuj\xED na z\xE1klad\u011B organiza\u010Dn\xEDch zm\u011B\
            n, a v\xFDsledky p\u0159ezkumu, v\u010Detn\u011B nezbytn\xFDch zm\u011B\
            n p\u0159\xEDstupov\xFDch pr\xE1v, dokumentuj\xED."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.4
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11
      ref_id: '11.4'
      name: Administration systems
      translations:
        es:
          name: "Sistemas de administraci\xF3n"
          description: null
        cs:
          name: "Syst\xE9my spr\xE1vy"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.4.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.4
      ref_id: 11.4.1
      description: The relevant entities shall restrict and control the use of system
        administration systems in accordance with the access control policy referred
        to in point 11.1.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes restringir\xE1n el uso de los sistemas\
            \ de administraci\xF3n del sistema de conformidad con la pol\xEDtica de\
            \ control de accesos prevista en el punto 11.1."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty omez\xED a \u0159\xEDd\xED\
            \ pou\u017E\xEDv\xE1n\xED syst\xE9m\u016F pro spr\xE1vu syst\xE9mu v souladu\
            \ s politikou \u0159\xEDzen\xED p\u0159\xEDstupu uvedenou v bod\u011B\
            \ 11.1."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.4.2
      assessable: false
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.4
      ref_id: 11.4.2
      description: 'For that purpose, the relevant entities shall:'
      translations:
        es:
          name: null
          description: 'A tal efecto, las entidades pertinentes:'
        cs:
          name: null
          description: "Za t\xEDmto \xFA\u010Delem p\u0159\xEDslu\u0161n\xE9 subjekty:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.4.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.4.2
      ref_id: 11.4.2.a
      description: only use system administration systems for system administration
        purposes, and not for any other operations;
      translations:
        es:
          name: null
          description: "utilizar\xE1n \xFAnicamente sistemas de administraci\xF3n\
            \ del sistema a efectos de administraci\xF3n del mismo y no para otras\
            \ operaciones;"
        cs:
          name: null
          description: "pou\u017E\xEDvaj\xED syst\xE9my pro spr\xE1vu syst\xE9mu pouze\
            \ pro \xFA\u010Dely spr\xE1vy syst\xE9mu, a nikoli pro jin\xE9 operace;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.4.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.4.2
      ref_id: 11.4.2.b
      description: separate logically such systems from application software not used
        for system administrative purposes,
      translations:
        es:
          name: null
          description: "separar l\xF3gicamente estos sistemas de los programas de\
            \ aplicaci\xF3n que no se utilicen con fines de administraci\xF3n del\
            \ sistema;"
        cs:
          name: null
          description: "logicky odd\u011Bl\xED tyto syst\xE9my od aplika\u010Dn\xED\
            ho softwaru, kter\xFD se nepou\u017E\xEDv\xE1 pro \xFA\u010Dely spr\xE1\
            vy syst\xE9mu,\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.4.2.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.4.2
      ref_id: 11.4.2.c
      description: protect access to system administration systems through authentication
        and encryption.
      translations:
        es:
          name: null
          description: "proteger\xE1n el acceso a los sistemas de administraci\xF3\
            n del sistema mediante la autenticaci\xF3n y el cifrado."
        cs:
          name: null
          description: "chr\xE1n\xED p\u0159\xEDstup k syst\xE9m\u016Fm spr\xE1vy\
            \ pomoc\xED ov\u011B\u0159ov\xE1n\xED a \u0161ifrov\xE1n\xED.\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.5
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11
      ref_id: '11.5'
      name: Identification
      translations:
        es:
          name: "Identificaci\xF3n"
          description: null
        cs:
          name: ' Identifikace'
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.5.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.5
      ref_id: 11.5.1
      description: The relevant entities shall manage the full life cycle of identities
        of network and information systems and their users.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes gestionar\xE1n todo el ciclo de\
            \ vida de las identidades de los sistemas de redes y de informaci\xF3\
            n y sus usuarios."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty \u0159\xEDd\xED cel\xFD\
            \ \u017Eivotn\xED cyklus identit s\xEDt\xED a informa\u010Dn\xEDch syst\xE9\
            m\u016F a jejich u\u017Eivatel\u016F."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.5.2
      assessable: false
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.5
      ref_id: 11.5.2
      description: 'For that purpose, the relevant entities shall:'
      translations:
        es:
          name: null
          description: 'A tal efecto, las entidades pertinentes:'
        cs:
          name: null
          description: "Za t\xEDmto \xFA\u010Delem p\u0159\xEDslu\u0161n\xE9 subjekty:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.5.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.5.2
      ref_id: 11.5.2.a
      description: set up unique identities for network and information systems and
        their users;
      translations:
        es:
          name: null
          description: "crear\xE1n identidades \xFAnicas para los sistemas de redes\
            \ y de informaci\xF3n y sus usuarios;"
        cs:
          name: null
          description: "nastav\xED jedine\u010Dn\xE9 identity pro s\xEDt\u011B a informa\u010D\
            n\xED syst\xE9my a jejich u\u017Eivatele;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.5.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.5.2
      ref_id: 11.5.2.b
      description: link the identity of users to a single person;
      translations:
        es:
          name: null
          description: "asociar\xE1n la identidad de los usuarios a una sola persona;"
        cs:
          name: null
          description: "spoj\xED identitu u\u017Eivatel\u016F s jedinou osobou;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.5.2.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.5.2
      ref_id: 11.5.2.c
      description: ensure oversight of identities of network and information systems;
      translations:
        es:
          name: null
          description: "se encargar\xE1n de la supervisi\xF3n de las identidades de\
            \ los sistemas de redes y de informaci\xF3n;"
        cs:
          name: null
          description: "zajist\xED dohled nad identitami s\xEDt\xED a informa\u010D\
            n\xEDch syst\xE9m\u016F;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.5.2.d
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.5.2
      ref_id: 11.5.2.d
      description: apply logging to the management of identities.
      translations:
        es:
          name: null
          description: "realizar\xE1n un registro de la gesti\xF3n de las identidades."
        cs:
          name: null
          description: "pou\u017Eij\xED veden\xED protokol\u016F pro \u0159\xEDzen\xED\
            \ identit.\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.5.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.5
      ref_id: 11.5.3
      description: The relevant entities shall only permit identities assigned to
        multiple persons, such as shared identities, where they are necessary for
        business or operational reasons and are subject to an explicit approval process
        and documentation. The relevant entities shall take identities assigned to
        multiple persons into account in the cybersecurity risk management framework
        referred to in point 2.1.
      translations:
        es:
          name: null
          description: "las entidades pertinentes solo autorizar\xE1n las identidades\
            \ asignadas a m\xFAltiples personas, como las identidades compartidas,\
            \ cuando sean necesarias por razones empresariales u operativas y est\xE9\
            n sujetas a un proceso de aprobaci\xF3n y documentaci\xF3n expl\xEDcito.\
            \ Las entidades pertinentes tendr\xE1n en cuenta las identidades asignadas\
            \ a m\xFAltiples personas en el marco de gesti\xF3n de riesgos de ciberseguridad\
            \ contemplado en el punto 2.1."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty povol\xED identitu p\u0159\
            id\u011Blenou v\xEDce osob\xE1m, nap\u0159\xEDklad sd\xEDlenou identitu,\
            \ pouze v p\u0159\xEDpad\u011B, \u017Ee je to nezbytn\xE9 z obchodn\xED\
            ch nebo provozn\xEDch d\u016Fvod\u016F a \u017Ee jsou tyto p\u0159\xED\
            pady podrobeny postupu a zdokumentov\xE1n\xED ud\u011Blen\xED v\xFDslovn\xE9\
            ho souhlasu. P\u0159\xEDslu\u0161n\xE9 subjekty zohledn\xED identity p\u0159\
            id\u011Blen\xE9 v\xEDce osob\xE1m v r\xE1mci \u0159\xEDzen\xED rizik v\
            \ oblasti kybernetick\xE9 bezpe\u010Dnosti uveden\xE9m v bod\u011B 2.1."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.5.4
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.5
      ref_id: 11.5.4
      description: The relevant entities shall regularly review the identities for
        network and information systems and their users and, if no longer needed,
        deactivate them without delay.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes revisar\xE1n peri\xF3dicamente las\
            \ identidades correspondientes a los sistemas de redes y de informaci\xF3\
            n y sus usuarios y, cuando ya no sean necesarias, las desactivar\xE1n\
            \ inmediatamente."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty pravideln\u011B p\u0159\
            ezkoum\xE1vaj\xED identity s\xEDt\xED a informa\u010Dn\xEDch syst\xE9\
            m\u016F a jejich u\u017Eivatel\u016F, a pokud ji\u017E nejsou pot\u0159\
            ebn\xE9, neprodlen\u011B je deaktivuj\xED."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11
      ref_id: '11.6'
      name: Authentication
      translations:
        es:
          name: "Autenticaci\xF3n"
          description: null
        cs:
          name: "Ov\u011B\u0159en\xED"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6
      ref_id: 11.6.1
      description: The relevant entities shall implement secure authentication procedures
        and technologies based on access restrictions and the policy on access control.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes pondr\xE1n en marcha tecnolog\xED\
            as y procedimientos de autenticaci\xF3n seguros basados en las restricciones\
            \ de acceso y en la pol\xEDtica de control de acceso."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty zavedou bezpe\u010Dn\xE9\
            \ ov\u011B\u0159ovac\xED postupy a technologie zalo\u017Een\xE9 na omezen\xED\
            \ p\u0159\xEDstupu a politice \u0159\xEDzen\xED p\u0159\xEDstupu."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6.2
      assessable: false
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6
      ref_id: 11.6.2
      description: 'For that purpose, the relevant entities shall:'
      translations:
        es:
          name: null
          description: 'A tal efecto, las entidades pertinentes:'
        cs:
          name: null
          description: "Za t\xEDmto \xFA\u010Delem p\u0159\xEDslu\u0161n\xE9 subjekty:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6.2
      ref_id: 11.6.2.a
      description: ensure the strength of authentication is appropriate to the classification
        of the asset to be accessed;
      translations:
        es:
          name: null
          description: "garantizar\xE1n que la solidez de la autenticaci\xF3n sea\
            \ adecuada para a la clasificaci\xF3n del activo al que se va a acceder;"
        cs:
          name: null
          description: "zajist\xED, aby \xFArove\u0148 ov\u011B\u0159en\xED odpov\xED\
            dala klasifikaci aktiva, k n\u011Bmu\u017E m\xE1 b\xFDt poskytnut p\u0159\
            \xEDstup;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6.2
      ref_id: 11.6.2.b
      description: control the allocation to users and management of secret authentication
        information by a process that ensures the confidentiality of the information,
        including advising personnel on appropriate handling of authentication information;
      translations:
        es:
          name: null
          description: "controlar la asignaci\xF3n a los usuarios y la gesti\xF3n\
            \ de informaci\xF3n de autenticaci\xF3n secreta mediante un proceso que\
            \ garantice la confidencialidad de la informaci\xF3n, incluido el asesoramiento\
            \ al personal sobre el tratamiento adecuado de la informaci\xF3n de autenticaci\xF3\
            n;"
        cs:
          name: null
          description: "kontroluj\xED p\u0159id\u011Blov\xE1n\xED tajn\xFDch ov\u011B\
            \u0159ovac\xEDch \xFAdaj\u016F u\u017Eivatel\u016Fm a jejich spr\xE1vu\
            \ postupem, kter\xFD zaji\u0161\u0165uje d\u016Fv\u011Brnost \xFAdaj\u016F\
            , co\u017E zahrnuje i poskytov\xE1n\xED poradenstv\xED pracovn\xEDk\u016F\
            m ohledn\u011B vhodn\xE9ho zach\xE1zen\xED s ov\u011B\u0159ovac\xEDmi\
            \ \xFAdaji;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6.2.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6.2
      ref_id: 11.6.2.c
      description: require the change of authentication credentials initially, at
        predefined intervals and upon suspicion that the credentials were compromised;
      translations:
        es:
          name: null
          description: "exigir el cambio de credenciales de autenticaci\xF3n al principio,\
            \ a intervalos predefinidos y cuando se sospeche que las credenciales\
            \ corren alg\xFAn peligro;"
        cs:
          name: null
          description: "vy\u017Eaduj\xED zm\u011Bnu ov\u011B\u0159ovac\xEDch \xFA\
            daj\u016F na po\u010D\xE1tku, v p\u0159edem stanoven\xFDch intervalech\
            \ a v p\u0159\xEDpad\u011B podez\u0159en\xED, \u017Ee tyto \xFAdaje byly\
            \ ohro\u017Eeny;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6.2.d
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6.2
      ref_id: 11.6.2.d
      description: require the reset of authentication credentials and the blocking
        of users after a predefined number of unsuccessful log-in attempts;
      translations:
        es:
          name: null
          description: "exigir el restablecimiento de las credenciales y el bloqueo\
            \ de los usuarios tras un n\xFAmero predefinido de intentos de conexi\xF3\
            n infructuosos;"
        cs:
          name: null
          description: "vy\u017Eaduj\xED obnoven\xED ov\u011B\u0159ovac\xEDch \xFA\
            daj\u016F a zablokov\xE1n\xED u\u017Eivatel\u016F po p\u0159edem stanoven\xE9\
            m po\u010Dtu ne\xFAsp\u011B\u0161n\xFDch pokus\u016F o p\u0159ihl\xE1\u0161\
            en\xED;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6.2.e
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6.2
      ref_id: 11.6.2.e
      description: terminate inactive sessions after a predefined period of inactivity;
        and
      translations:
        es:
          name: null
          description: "cerrar las sesiones inactivas tras un per\xEDodo de inactividad\
            \ predefinido; y"
        cs:
          name: null
          description: "ukon\u010D\xED neaktivn\xED relace po uplynut\xED p\u0159\
            edem stanoven\xE9 doby ne\u010Dinnosti a\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6.2.f
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6.2
      ref_id: 11.6.2.f
      description: require separate credentials to access privileged access or administrative
        accounts.
      translations:
        es:
          name: null
          description: "exigir credenciales separadas para obtener un acceso privilegiado\
            \ o acceder a cuentas de administraci\xF3n."
        cs:
          name: null
          description: "vy\u017Eaduj\xED zvl\xE1\u0161tn\xED ov\u011B\u0159ovac\xED\
            \ \xFAdaje pro p\u0159\xEDstup k administr\xE1torsk\xE9mu p\u0159\xED\
            stupu nebo k \xFA\u010Dtu pro spr\xE1vu syst\xE9mu.\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6
      ref_id: 11.6.3
      description: The relevant entities shall to the extent feasible use state-of-the-art
        authentication methods, in accordance with the associated assessed risk and
        the classification of the asset to be accessed, and unique authentication
        information.
      translations:
        es:
          name: null
          description: "En la medida de lo posible, las entidades pertinentes utilizar\xE1\
            n los m\xE9todos de autenticaci\xF3n m\xE1s avanzados, de conformidad\
            \ con el riesgo evaluado asociado y la clasificaci\xF3n del activo al\
            \ que se vaya a acceder, as\xED como informaci\xF3n de autenticaci\xF3\
            n exclusiva."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty v provediteln\xE9m rozsahu\
            \ pou\u017E\xEDvaj\xED nejmodern\u011Bj\u0161\xED metody ov\u011B\u0159\
            ov\xE1n\xED, a to v souladu se souvisej\xEDc\xEDm posouzen\xFDm rizikem\
            \ a klasifikac\xED aktiva, k n\u011Bmu\u017E m\xE1 b\xFDt poskytnut p\u0159\
            \xEDstup, a jedine\u010Dn\xE9 ov\u011B\u0159ovac\xED informace."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6.4
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.6
      ref_id: 11.6.4
      description: The relevant entities shall review the authentication procedures
        and technologies at planned intervals.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes revisar\xE1n los procedimientos\
            \ y las tecnolog\xEDas de autenticaci\xF3n a intervalos planificados."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty v pl\xE1novan\xFDch intervalech\
            \ p\u0159ezkoum\xE1vaj\xED postupy a technologie ov\u011B\u0159ov\xE1\
            n\xED."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.7
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11
      ref_id: '11.7'
      name: Multi-factor authentication
      translations:
        es:
          name: "Autenticaci\xF3n de m\xFAltiples factores"
          description: null
        cs:
          name: "V\xEDcefaktorov\xE1 autentizace"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.7.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.7
      ref_id: 11.7.1
      description: "The relevant entities shall ensure that users are authenticated\
        \ by multiple authentication factors or continuous authentication mechanisms\
        \ for accessing the relevant entities\u2019 network and information systems,\
        \ where appropriate, in accordance with the classification of the asset to\
        \ be accessed."
      translations:
        es:
          name: null
          description: "Las entidades pertinentes velar\xE1n por que los usuarios\
            \ sean autenticados mediante m\xFAltiples factores de autenticaci\xF3\
            n o mecanismos de autenticaci\xF3n continua para acceder a los sistemas\
            \ de redes y de informaci\xF3n la entidad, cuando proceda, de conformidad\
            \ con la clasificaci\xF3n del activo al que se va a acceder."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty zajist\xED, aby u\u017E\
            ivatel\xE9 byli p\u0159i p\u0159\xEDstupu do s\xEDt\u011B a informa\u010D\
            n\xEDch syst\xE9m\u016F subjekt\u016F ov\u011B\u0159ov\xE1ni pomoc\xED\
            \ v\xEDce autentiza\u010Dn\xEDch faktor\u016F nebo mechanism\u016F trval\xE9\
            \ autentizace, p\u0159\xEDpadn\u011B v souladu s klasifikac\xED aktiva,\
            \ k n\u011Bmu\u017E maj\xED m\xEDt p\u0159\xEDstup."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.7.2
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:11.7
      ref_id: 11.7.2
      description: The relevant entities shall ensure that the strength of authentication
        is appropriate for the classification of the asset to be accessed.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes se asegurar\xE1n de que la solidez\
            \ de la autenticaci\xF3n sea adecuada a la clasificaci\xF3n del activo\
            \ al que se va a acceder."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty zajist\xED, aby \xFArove\u0148\
            \ ov\u011B\u0159en\xED odpov\xEDdala klasifikaci aktiva, k n\u011Bmu\u017E\
            \ m\xE1 b\xFDt poskytnut p\u0159\xEDstup."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12
      assessable: false
      depth: 1
      ref_id: '12'
      name: ASSET MANAGEMENT (ARTICLE 21(2), POINT (I), OF DIRECTIVE (EU) 2022/2555)
      translations:
        es:
          name: "GESTI\xD3N DE ACTIVOS [Art\xEDculo 21, Apartado 2, Letra I), de la\
            \ directiva (UE) 2022/2555]"
          description: null
        cs:
          name: "Spr\xE1va aktiv (\u010Dl. 21 odst. 2 p\xEDsm. i) sm\u011Brnice (EU)\
            \ 2022/2555)"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.1
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12
      ref_id: '12.1'
      name: Asset classification
      translations:
        es:
          name: "Clasificaci\xF3n de activos"
          description: null
        cs:
          name: Klasifikace aktiv
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.1.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.1
      ref_id: 12.1.1
      description: For the purpose of Article 21(2), point (i) of Directive (EU) 2022/2555,
        the relevant entities shall lay down classification levels of all assets,
        including information, in scope of their network and information systems for
        the level of protection required.
      translations:
        es:
          name: null
          description: "A los efectos del art\xEDculo 21, apartado 2, letra i), de\
            \ la Directiva (UE) 2022/2555, las entidades pertinentes establecer\xE1\
            n los niveles de clasificaci\xF3n de todos los activos, incluida la informaci\xF3\
            n, que formen parte del \xE1mbito de sus sistemas de redes y de informaci\xF3\
            n con relaci\xF3n al nivel de protecci\xF3n requerido."
        cs:
          name: null
          description: "Pro \xFA\u010Dely \u010Dl. 21 odst. 2 p\xEDsm. i) sm\u011B\
            rnice (EU) 2022/2555 p\u0159\xEDslu\u0161n\xE9 subjekty stanov\xED stupn\u011B\
            \ utajen\xED v\u0161ech aktiv, v\u010Detn\u011B informac\xED, v oblasti\
            \ p\u016Fsobnosti sv\xFDch s\xEDt\xED a informa\u010Dn\xEDch syst\xE9\
            m\u016F pro po\u017Eadovanou \xFArove\u0148 ochrany."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.1.2
      assessable: false
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.1
      ref_id: 12.1.2
      description: 'For the purpose of point 12.1.1., the relevant entities shall:'
      translations:
        es:
          name: null
          description: 'A los efectos del punto 12.1.1, las entidades pertinentes:'
        cs:
          name: null
          description: "Pro \xFA\u010Dely bodu 12.1.1 p\u0159\xEDslu\u0161n\xE9 subjekty:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.1.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.1.2
      ref_id: 12.1.2.a
      description: lay down a system of classification levels for assets;
      translations:
        es:
          name: null
          description: "establecer\xE1n un sistema de niveles de clasificaci\xF3n\
            \ de los activos;"
        cs:
          name: null
          description: "stanov\xED syst\xE9m stup\u0148\u016F utajen\xED aktiv;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.1.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.1.2
      ref_id: 12.1.2.b
      description: associate all assets with a classification level, based on confidentiality,
        integrity, authenticity and availability requirements, to indicate the protection
        required according to their sensitivity, criticality, risk and business value;
      translations:
        es:
          name: null
          description: "asociar\xE1n todos los activos con un nivel de clasificaci\xF3\
            n, basado en los requisitos de confidencialidad, integridad, autenticidad\
            \ y disponibilidad, para indicar la protecci\xF3n requerida en funci\xF3\
            n de su sensibilidad, criticidad, riesgo y valor empresarial;"
        cs:
          name: null
          description: "p\u0159i\u0159ad\xED v\u0161em aktiv\u016Fm stupe\u0148 utajen\xED\
            , a to na z\xE1klad\u011B po\u017Eadavk\u016F na d\u016Fv\u011Brnost,\
            \ integritu, autenticitu a dostupnost, s c\xEDlem ur\u010Dit po\u017E\
            adovanou ochranu podle jejich citlivosti, kriti\u010Dnosti, rizika a obchodn\xED\
            \ hodnoty;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.1.2.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.1.2
      ref_id: 12.1.2.c
      description: align the availability requirements of the assets with the delivery
        and recovery objectives set out in their business continuity and disaster
        recovery plans.
      translations:
        es:
          name: null
          description: "amoldar\xE1n los requisitos de disponibilidad de los activos\
            \ a los objetivos de entrega y recuperaci\xF3n establecidos en sus planes\
            \ de continuidad de las actividades y de recuperaci\xF3n en caso de cat\xE1\
            strofe."
        cs:
          name: null
          description: "uvedou do souladu po\u017Eadavky na dostupnost aktiv a c\xED\
            le v oblasti poskytov\xE1n\xED a obnovy stanoven\xE9 v jejich pl\xE1nu\
            \ kontinuity a obnovy provozu po hav\xE1rii.\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.1.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.1
      ref_id: 12.1.3
      description: The relevant entities shall conduct periodic reviews of the classification
        levels of assets and update them, where appropriate.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes realizar\xE1n revisiones peri\xF3\
            dicas de los niveles de clasificaci\xF3n de los activos y los actualizar\xE1\
            n, seg\xFAn proceda."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty prov\xE1d\u011Bj\xED pravideln\xE9\
            \ p\u0159ezkumy stup\u0148\u016F utajen\xED aktiv a v p\u0159\xEDpad\u011B\
            \ pot\u0159eby je aktualizuj\xED."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.2
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12
      ref_id: '12.2'
      name: Handling of assets
      translations:
        es:
          name: "Gesti\xF3n de activos"
          description: null
        cs:
          name: "Zach\xE1zen\xED s aktivy"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.2.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.2
      ref_id: 12.2.1
      description: The relevant entities shall establish, implement and apply a policy
        for the proper handling of assets, including information, in accordance with
        their network and information security policy, and shall communicate the policy
        on proper handling of assets to anyone who uses or handles assets.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes establecer\xE1n, pondr\xE1n en marcha\
            \ y aplicar\xE1n una pol\xEDtica para la correcta gesti\xF3n de los activos,\
            \ incluida la informaci\xF3n, acorde con su pol\xEDtica de seguridad de\
            \ las redes y de la informaci\xF3n y la pondr\xE1n en conocimiento de\
            \ todo aquel que utilice o gestione los activos."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty vytvo\u0159\xED, zavedou\
            \ a uplat\u0148uj\xED politiku spr\xE1vn\xE9ho zach\xE1zen\xED s aktivy,\
            \ v\u010Detn\u011B informac\xED, kter\xE1 je v souladu s jejich politikou\
            \ bezpe\u010Dnosti s\xEDt\xED a informac\xED, a sd\u011Bl\xED politiku\
            \ spr\xE1vn\xE9ho nakl\xE1d\xE1n\xED s aktivy v\u0161em, kte\u0159\xED\
            \ aktiva pou\u017E\xEDvaj\xED nebo s nimi nakl\xE1daj\xED."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.2.2
      assessable: false
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.2
      ref_id: 12.2.2
      description: 'The policy shall:'
      translations:
        es:
          name: null
          description: "Dicha pol\xEDtica:"
        cs:
          name: null
          description: 'Tato politika:'
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.2.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.2.2
      ref_id: 12.2.2.a
      description: cover the entire life cycle of the assets, including acquisition,
        use, storage, transportation and disposal;
      translations:
        es:
          name: null
          description: "har\xE1 referencia a toda la vida \xFAtil de los activos,\
            \ especialmente su adquisici\xF3n, uso, almacenamiento, transporte y eliminaci\xF3\
            n;"
        cs:
          name: null
          description: "pokr\xFDv\xE1 cel\xFD \u017Eivotn\xED cyklus aktiv, v\u010D\
            etn\u011B po\u0159\xEDzen\xED, pou\u017E\xEDv\xE1n\xED, uchov\xE1v\xE1\
            n\xED, p\u0159epravy a likvidace;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.2.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.2.2
      ref_id: 12.2.2.b
      description: provide rules on the safe use, safe storage, safe transport, and
        the irretrievable deletion and destruction of the assets;
      translations:
        es:
          name: null
          description: "establecer\xE1 normas para su uso seguro, su almacenamiento\
            \ seguro, su transporte seguro y la supresi\xF3n y destrucci\xF3n irreversibles\
            \ de los activos;"
        cs:
          name: null
          description: "poskytuje pravidla bezpe\u010Dn\xE9ho pou\u017E\xEDv\xE1n\xED\
            , bezpe\u010Dn\xE9 skladov\xE1n\xED, bezpe\u010Dnou p\u0159epravu a nevratn\xE9\
            \ vymaz\xE1n\xED a zni\u010Den\xED aktiv.\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.2.2.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.2.2
      ref_id: 12.2.2.c
      description: provide that the transfer shall take place in a secure manner,
        in accordance with the type of asset to be transferred.
      translations:
        es:
          name: null
          description: "prever\xE1 que la transferencia se lleve a cabo de manera\
            \ segura, de conformidad con el tipo de activo que transfiera."
        cs:
          name: null
          description: "stanov\xED, \u017Ee p\u0159evod se uskute\u010Dn\xED bezpe\u010D\
            n\xFDm zp\u016Fsobem v souladu s typem p\u0159ev\xE1d\u011Bn\xE9ho aktiva.\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.2.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.2
      ref_id: 12.2.3
      description: The relevant entities shall review and, where appropriate, update
        the policy at planned intervals and when significant incidents or significant
        changes to operations or risks occur.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes revisar\xE1n y, cuando proceda,\
            \ actualizar\xE1n la pol\xEDtica a intervalos planificados o cuando se\
            \ produzcan incidentes significativos o cambios significativos en las\
            \ operaciones o los riesgos."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty tuto politiku p\u0159ezkoum\xE1\
            vaj\xED a\_v\_p\u0159\xEDpad\u011B pot\u0159eby aktualizuj\xED v\_pl\xE1\
            novan\xFDch intervalech a\_p\u0159i v\xFDskytu v\xFDznamn\xFDch incident\u016F\
            \ nebo v\xFDznamn\xFDch zm\u011Bn operac\xED \u010Di rizik."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.3
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12
      ref_id: '12.3'
      name: Removable media policy
      translations:
        es:
          name: "Pol\xEDtica de soportes extra\xEDbles"
          description: null
        cs:
          name: "Politika t\xFDkaj\xEDc\xED se vym\u011Bniteln\xFDch m\xE9di\xED"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.3.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.3
      ref_id: 12.3.1
      description: "The relevant entities shall establish, implement and apply a policy\
        \ on the management of removable storage media and communicate it to their\
        \ employees and third parties who handle removable storage media at the relevant\
        \ entities\u2019 premises or other locations where the removable media is\
        \ connected to the relevant entities\u2019 network and information systems."
      translations:
        es:
          name: null
          description: "Las entidades pertinentes establecer\xE1n, pondr\xE1n en marcha\
            \ y aplicar\xE1n una pol\xEDtica relativa a la gesti\xF3n de soportes\
            \ de almacenamiento extra\xEDbles y la pondr\xE1n en conocimiento de sus\
            \ empleados y de terceros que manipulen soportes de almacenamiento extra\xED\
            bles en las instalaciones de las entidades pertinentes o en otros lugares\
            \ en los que los soportes extra\xEDbles est\xE9n conectados a los sistemas\
            \ de redes y de informaci\xF3n de la entidad."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty stanov\xED, zavedou a uplat\u0148\
            uj\xED politiku spr\xE1vy vym\u011Bniteln\xFDch pam\u011B\u0165ov\xFD\
            ch m\xE9di\xED a sd\u011Bl\xED ji sv\xFDm zam\u011Bstnanc\u016Fm a t\u0159\
            et\xEDm stran\xE1m, kter\xE9 s vym\u011Bniteln\xFDmi pam\u011B\u0165ov\xFD\
            mi m\xE9dii nakl\xE1daj\xED v prostor\xE1ch p\u0159\xEDslu\u0161n\xFD\
            ch subjekt\u016F nebo na jin\xFDch m\xEDstech, kde jsou vym\u011Bniteln\xE1\
            \ m\xE9dia p\u0159ipojena k s\xEDt\xEDm a informa\u010Dn\xEDm syst\xE9\
            m\u016Fm p\u0159\xEDslu\u0161n\xFDch subjekt\u016F."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.3.2
      assessable: false
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.3
      ref_id: 12.3.2
      description: 'The policy shall:'
      translations:
        es:
          name: null
          description: "Dicha pol\xEDtica:"
        cs:
          name: null
          description: 'Tato politika:'
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.3.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.3.2
      ref_id: 12.3.2.a
      description: provide for a technical prohibition of the connection of removable
        media unless there is an organisational reason for their use;
      translations:
        es:
          name: null
          description: "prever\xE1 una prohibici\xF3n t\xE9cnica para la conexi\xF3\
            n de soportes extra\xEDbles salvo que existan razones internas para su\
            \ uso;"
        cs:
          name: null
          description: "stanov\xED technick\xFD z\xE1kaz p\u0159ipojen\xED vym\u011B\
            niteln\xFDch m\xE9di\xED, pokud pro pou\u017Eit\xED neexistuj\xED organiza\u010D\
            n\xED d\u016Fvody;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.3.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.3.2
      ref_id: 12.3.2.b
      description: "provide for disabling self-execution from such media and scanning\
        \ the media for malicious code before they are used on the relevant entities\u2019\
        \ systems;"
      translations:
        es:
          name: null
          description: "prever\xE1 la deshabilitaci\xF3n de la reproducci\xF3n autom\xE1\
            tica desde dichos soportes y la detecci\xF3n de c\xF3digos maliciosos\
            \ en los mismos antes de que se utilicen en los sistemas de las entidades\
            \ pertinentes;"
        cs:
          name: null
          description: "zajist\xED, aby bylo zak\xE1z\xE1no samospou\u0161t\u011B\
            n\xED z takov\xFDch m\xE9di\xED a aby byla m\xE9dia p\u0159ed jejich pou\u017E\
            it\xEDm v syst\xE9mech p\u0159\xEDslu\u0161n\xFDch subjekt\u016F prov\u011B\
            \u0159ov\xE1na na p\u0159\xEDtomnost \u0161kodliv\xE9ho k\xF3du;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.3.2.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.3.2
      ref_id: 12.3.2.c
      description: provide measures for controlling and protecting portable storage
        devices containing data while in transit and in storage;
      translations:
        es:
          name: null
          description: "prever\xE1 medidas para controlar y proteger los soportes\
            \ de almacenamiento extra\xEDbles que contengan datos durante el tr\xE1\
            nsito y el almacenamiento;"
        cs:
          name: null
          description: "poskytuje opat\u0159en\xED pro zaji\u0161t\u011Bn\xED kontroly\
            \ a ochrany p\u0159enosn\xFDch pam\u011B\u0165ov\xFDch za\u0159\xEDzen\xED\
            \ obsahuj\xEDc\xEDch data p\u0159i p\u0159eprav\u011B a skladov\xE1n\xED\
            ;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.3.2.d
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.3.2
      ref_id: 12.3.2.d
      description: where appropriate, provide measures for the use of cryptographic
        techniques to protect data on removable storage media.
      translations:
        es:
          name: null
          description: "seg\xFAn proceda, prever\xE1 medidas para la utilizaci\xF3\
            n de t\xE9cnicas criptogr\xE1ficas para proteger los datos contenidos\
            \ en los soportes de almacenamiento extra\xEDbles."
        cs:
          name: null
          description: "v p\u0159\xEDpad\u011B pot\u0159eby stanov\xED opat\u0159\
            en\xED pro pou\u017Eit\xED kryptografick\xFDch technik s c\xEDlem chr\xE1\
            nit \xFAdaje na vym\u011Bniteln\xFDch pam\u011B\u0165ov\xFDch m\xE9di\xED\
            ch.\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.3.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.3
      ref_id: 12.3.3
      description: The relevant entities shall review and, where appropriate, update
        the policy at planned intervals and when significant incidents or significant
        changes to operations or risks occur.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes revisar\xE1n y, cuando proceda,\
            \ actualizar\xE1n la pol\xEDtica a intervalos planificados o cuando se\
            \ produzcan incidentes significativos o cambios significativos en las\
            \ operaciones o los riesgos."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty tuto politiku p\u0159ezkoum\xE1\
            vaj\xED a v p\u0159\xEDpad\u011B pot\u0159eby aktualizuj\xED v pl\xE1\
            novan\xFDch intervalech a p\u0159i v\xFDskytu v\xFDznamn\xFDch incident\u016F\
            \ nebo v\xFDznamn\xFDch zm\u011Bn operac\xED \u010Di rizik."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.4
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12
      ref_id: '12.4'
      name: Asset inventory
      translations:
        es:
          name: Inventario de activos
          description: null
        cs:
          name: ' Soupis aktiv'
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.4.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.4
      ref_id: 12.4.1
      description: The relevant entities shall develop and maintain a complete, accurate,
        up-to-date and consistent inventory of their assets. They shall record changes
        to the entries in the inventory in a traceable manner.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes crear\xE1n y mantendr\xE1n un inventario\
            \ completo, preciso, actualizado y coherente de sus activos. Registrar\xE1\
            n los cambios en las entradas del inventario de manera que puedan rastrearse."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty vypracuj\xED a udr\u017E\
            uj\xED \xFApln\xFD, p\u0159esn\xFD, aktu\xE1ln\xED a ucelen\xFD soupis\
            \ sv\xFDch aktiv. Dohledateln\xFDm zp\u016Fsobem zaznamen\xE1vaj\xED zm\u011B\
            ny polo\u017Eek v soupisu."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.4.2
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.4.1
      ref_id: 12.4.2
      description: 'The granularity of the inventory of the assets shall be at a level
        appropriate for the needs of the relevant entities. The inventory shall include
        the following:'
      translations:
        es:
          name: null
          description: "La granularidad del inventario de los activos se situar\xE1\
            \ en un nivel adecuado a las necesidades de las entidades pertinentes.\
            \ El inventario incluir\xE1 lo siguiente:"
        cs:
          name: null
          description: "Podrobnost soupisu aktiv by m\u011Bla b\xFDt na \xFArovni\
            \ odpov\xEDdaj\xEDc\xED pot\u0159eb\xE1m p\u0159\xEDslu\u0161n\xFDch subjekt\u016F\
            . Soupis obsahuje:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.4.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.4.1
      ref_id: 12.4.2.a
      description: the list of operations and services and their description,
      translations:
        es:
          name: null
          description: "la lista de operaciones y servicios y su descripci\xF3n;"
        cs:
          name: null
          description: "seznam operac\xED a slu\u017Eeb a jejich popis;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.4.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.4.1
      ref_id: 12.4.2.b
      description: "the list of network and information systems and other associated\
        \ assets supporting the relevant entities\u2019 operations and services."
      translations:
        es:
          name: null
          description: "la lista de sistemas de redes y de informaci\xF3n y otros\
            \ activos asociados que sirvan de apoyo a las operaciones y servicios\
            \ de las entidades pertinentes."
        cs:
          name: null
          description: "seznam s\xEDt\xED a informa\u010Dn\xEDch syst\xE9m\u016F a\
            \ dal\u0161\xEDch souvisej\xEDc\xEDch aktiv podporuj\xEDc\xEDch operace\
            \ a slu\u017Eby p\u0159\xEDslu\u0161n\xFDch subjekt\u016F.\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.4.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.4
      ref_id: 12.4.3
      description: The relevant entities shall regularly review and update the inventory
        and their assets and document the history of changes.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes revisar\xE1n y actualizar\xE1n peri\xF3\
            dicamente el inventario y sus activos y registrar\xE1n el historial de\
            \ cambios."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty pravideln\u011B p\u0159\
            ezkoum\xE1vaj\xED a aktualizuj\xED soupis a sv\xE1 aktiva a dokumentuj\xED\
            \ historii zm\u011Bn."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.5
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12
      ref_id: '12.5'
      name: Deposit, return or deletion of assets upon termination of employment
      translations:
        es:
          name: "Dep\xF3sito, devoluci\xF3n o supresi\xF3n de activos al t\xE9rmino\
            \ de la relaci\xF3n laboral"
          description: null
        cs:
          name: "Ulo\u017Een\xED, vr\xE1cen\xED nebo smaz\xE1n\xED aktiv po ukon\u010D\
            en\xED pracovn\xEDho pom\u011Bru"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.5:1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:12.5
      description: "The relevant entities shall establish, implement and apply procedures\
        \ which ensure that their assets which are under custody of personnel are\
        \ deposited, returned or deleted upon termination of employment, and shall\
        \ document the deposit, return and deletion of those assets. Where the deposit,\
        \ return or deletion of assets is not possible, the relevant entities shall\
        \ ensure that the assets can no longer access the relevant entities\u2019\
        \ network and information systems in accordance with point 12.2.2."
      translations:
        es:
          name: null
          description: "Las entidades pertinentes crear\xE1n, pondr\xE1n en marcha\
            \ y aplicar\xE1n procedimientos para que los activos bajo custodia del\
            \ personal sean depositados, devueltos o suprimidos al t\xE9rmino de la\
            \ relaci\xF3n laboral, y documentar\xE1n el dep\xF3sito, la devoluci\xF3\
            n y la supresi\xF3n de dichos activos.\n\nCuando no sea posible el dep\xF3\
            sito, la devoluci\xF3n o la supresi\xF3n de activos, las entidades pertinentes\
            \ se asegurar\xE1n de que dichos activos ya no puedan acceder a los sistemas\
            \ de redes y de informaci\xF3n de la entidad de conformidad con el punto\
            \ 12.2.2."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty stanov\xED, zavedou a uplat\u0148\
            uj\xED postupy, kter\xE9 zajist\xED, aby jejich aktiva, kter\xE1 maj\xED\
            \ zam\u011Bstnanci v \xFAschov\u011B, byla po skon\u010Den\xED pracovn\xED\
            ho pom\u011Bru ulo\u017Eena, vr\xE1cena nebo smaz\xE1na, a zdokumentuj\xED\
            \ ulo\u017Een\xED, vr\xE1cen\xED a smaz\xE1n\xED t\u011Bchto aktiv. Pokud\
            \ ulo\u017Een\xED, vr\xE1cen\xED nebo vymaz\xE1n\xED aktiv nen\xED mo\u017E\
            n\xE9, p\u0159\xEDslu\u0161n\xE9 subjekty zajist\xED, aby aktiva ji\u017E\
            \ nem\u011Bla p\u0159\xEDstup do s\xEDt\u011B a informa\u010Dn\xEDch syst\xE9\
            m\u016F p\u0159\xEDslu\u0161n\xFDch subjekt\u016F v souladu s bodem 12.2.2.\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13
      assessable: false
      depth: 1
      ref_id: '13'
      name: ENVIRONMENTAL AND PHYSICAL SECURITY (ARTICLE 21(2), POINTS (C), (E) AND
        (I) OF DIRECTIVE (EU) 2022/2555)
      translations:
        es:
          name: "SEGURIDAD MEDIOAMBIENTAL Y F\xCDSICA [Art\xEDculo 21, Apartado 2,\
            \ Letras C), E) e I), de la directiva (UE) 2022/2555]"
          description: null
        cs:
          name: "Environment\xE1ln\xED a fyzick\xE1 bezpe\u010Dnost (\u010Dl. 21 odst.\
            \ 2 p\xEDsm. c), e) a i) sm\u011Brnice (EU) 2022/2555)"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.1
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13
      ref_id: '13.1'
      name: Supporting utilities
      translations:
        es:
          name: "Servicios p\xFAblicos"
          description: null
        cs:
          name: "Podp\u016Frn\xE9 slu\u017Eby"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.1.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.1
      ref_id: 13.1.1
      description: For the purpose of Article 21(2)(c) of Directive (EU) 2022/2555,
        the relevant entities shall prevent loss, damage or compromise of network
        and information systems or interruption to their operations due to the failure
        and disruption of supporting utilities.
      translations:
        es:
          name: null
          description: "A los efectos del art\xEDculo 21, apartado 2, letra c), de\
            \ la Directiva (UE) 2022/2555, las entidades pertinentes evitar\xE1n las\
            \ p\xE9rdidas, los da\xF1os o riesgos de los sistemas de redes y de informaci\xF3\
            n o la interrupci\xF3n de sus operaciones debido al fallo y la interrupci\xF3\
            n de los servicios p\xFAblicos."
        cs:
          name: null
          description: "Pro \xFA\u010Dely \u010Dl. 21 odst. 2 p\xEDsm. c) sm\u011B\
            rnice (EU) 2022/2555 p\u0159\xEDslu\u0161n\xE9 subjekty zabr\xE1n\xED\
            \ ztr\xE1t\u011B, po\u0161kozen\xED nebo ohro\u017Een\xED s\xEDt\xED a\
            \ informa\u010Dn\xEDch syst\xE9m\u016F nebo p\u0159eru\u0161en\xED jejich\
            \ provozu v d\u016Fsledku selh\xE1n\xED a naru\u0161en\xED podp\u016F\
            rn\xFDch slu\u017Eeb."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.1.2
      assessable: false
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.1
      ref_id: 13.1.2
      description: 'For that purpose, the relevant entities shall, where appropriate:'
      translations:
        es:
          name: null
          description: 'A tal efecto, cuando proceda, las entidades pertinentes:'
        cs:
          name: null
          description: "Za t\xEDmto \xFA\u010Delem p\u0159\xEDslu\u0161n\xE9 subjekty\
            \ v p\u0159\xEDpad\u011B pot\u0159eby:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.1.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.1.2
      ref_id: 13.1.2.a
      description: protect facilities from power failures and other disruptions caused
        by failures in supporting utilities such as electricity, telecommunications,
        water supply, gas, sewage, ventilation and air conditioning;
      translations:
        es:
          name: null
          description: "proteger\xE1n las instalaciones de los fallos el\xE9ctricos\
            \ y de otras alteraciones causadas por fallos en servicios p\xFAblicos\
            \ como la electricidad, las telecomunicaciones, el suministro de agua,\
            \ el gas, las aguas residuales, la ventilaci\xF3n o el aire acondicionado;"
        cs:
          name: null
          description: "chr\xE1n\xED za\u0159\xEDzen\xED p\u0159ed v\xFDpadky nap\xE1\
            jen\xED a dal\u0161\xEDmi naru\u0161en\xEDmi zp\u016Fsoben\xFDmi v\xFD\
            padky podp\u016Frn\xFDch slu\u017Eeb, jako jsou elekt\u0159ina, telekomunikace,\
            \ dod\xE1vky vody, plynu, kanalizace, ventilace a klimatizace;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.1.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.1.2
      ref_id: 13.1.2.b
      description: consider the use of redundancy in utilities services;
      translations:
        es:
          name: null
          description: "considerar\xE1n la utilizaci\xF3n de redundancias en los servicios\
            \ de utilidad p\xFAblica;"
        cs:
          name: null
          description: "zv\xE1\u017E\xED vyu\u017Eit\xED redundance v oblasti ve\u0159\
            ejn\xFDch slu\u017Eeb;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.1.2.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.1.2
      ref_id: 13.1.2.c
      description: protect utility services for electricity and telecommunications,
        which transport data or supply network and information systems, against interception
        and damage;
      translations:
        es:
          name: null
          description: "proteger\xE1n los servicios p\xFAblicos de electricidad y\
            \ telecomunicaciones, que transportan datos u ofrecen sistemas de redes\
            \ y de informaci\xF3n, frente a la interceptaci\xF3n y los da\xF1os;"
        cs:
          name: null
          description: "chr\xE1n\xED slu\u017Eby v oblasti elekt\u0159iny a telekomunikac\xED\
            , kter\xE9 p\u0159en\xE1\u0161ej\xED data nebo z\xE1sobuj\xED s\xEDt\u011B\
            \ a informa\u010Dn\xED syst\xE9my, proti p\u0159eru\u0161en\xED a po\u0161\
            kozen\xED;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.1.2.d
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.1.2
      ref_id: 13.1.2.d
      description: monitor the utility services referred to in point (c) and report
        to the competent internal or external personnel events outside the minimum
        and maximum control thresholds referred to in point 13.2.2(b) affecting the
        utility services;
      translations:
        es:
          name: null
          description: "supervisar\xE1n los servicios p\xFAblicos contemplados en\
            \ la letra c) e informar\xE1n al personal interno o externo competente\
            \ de los sucesos que tengan lugar m\xE1s all\xE1 de los umbrales m\xED\
            nimo y m\xE1ximo de control a que se refiere el punto 13.2.2, letra b),\
            \ que afecten a los servicios de utilidad p\xFAblica;"
        cs:
          name: null
          description: "sleduje slu\u017Eby uveden\xE9 v p\xEDsmenu c) a oznamuje\
            \ p\u0159\xEDslu\u0161n\xFDm intern\xEDm nebo extern\xEDm pracovn\xED\
            k\u016Fm ud\xE1losti, kter\xE9 p\u0159ekra\u010Duj\xED minim\xE1ln\xED\
            \ a maxim\xE1ln\xED prahov\xE9 hodnoty kontroly uveden\xE9 v bod\u011B\
            \ 13.2.2 p\xEDsm. b) a kter\xE9 ovliv\u0148uj\xED tyto slu\u017Eby;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.1.2.e
      assessable: false
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.1.2
      ref_id: 13.1.2.e
      description: conclude contracts for the emergency supply with corresponding
        services, such as for the fuel for emergency power supply;
      translations:
        es:
          name: null
          description: "concluir\xE1n contratos para el suministro de emergencia con\
            \ los servicios correspondientes, tales como el combustible para el suministro\
            \ el\xE9ctrico de emergencia;"
        cs:
          name: null
          description: "uzav\xEDraj\xED smlouvy na nouzov\xE9 dod\xE1vky s odpov\xED\
            daj\xEDc\xEDmi slu\u017Ebami, nap\u0159\xEDklad pokud jde o pohonn\xE9\
            \ hmoty pro nouzov\xE9 z\xE1sobov\xE1n\xED elekt\u0159inou;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.1.2.f
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.1.2
      ref_id: 13.1.2.f
      description: ensure continuous effectiveness, monitor, maintain and test the
        supply of the network and information systems necessary for the operation
        of the service offered, in particular the electricity, temperature and humidity
        control, telecommunications and Internet connection.
      translations:
        es:
          name: null
          description: "Garantizar\xE1n la eficacia continua, supervisar\xE1n, mantendr\xE1\
            n y probar\xE1n el suministro de los sistemas de redes y de informaci\xF3\
            n necesarios para el funcionamiento del servicio ofrecido, especialmente\
            \ la electricidad, el control de la temperatura y la humedad, las telecomunicaciones\
            \ y la conexi\xF3n a Internet."
        cs:
          name: null
          description: "zaji\u0161\u0165uj\xED trvalou \xFA\u010Dinnost, sleduj\xED\
            , udr\u017Euj\xED a testuj\xED dod\xE1vky pro s\xEDt\u011B a informa\u010D\
            n\xED syst\xE9my nezbytn\xE9 pro provoz nab\xEDzen\xE9 slu\u017Eby, zejm\xE9\
            na v oblasti elektrick\xE9 energie, regulace teploty a vlhkosti, telekomunikac\xED\
            \ a internetov\xE9ho p\u0159ipojen\xED.\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.1.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.1
      ref_id: 13.1.3
      description: The relevant entities shall test, review and, where appropriate,
        update the protection measures on a regular basis or following significant
        incidents or significant changes to operations or risks.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes comprobar\xE1n, revisar\xE1n y,\
            \ cuando proceda, actualizar\xE1n las medidas de protecci\xF3n de forma\
            \ peri\xF3dica o despu\xE9s de incidentes significativos o cambios significativos\
            \ en las operaciones o los riesgos."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty pravideln\u011B nebo po\
            \ v\xFDznamn\xFDch incidentech nebo v\xFDznamn\xFDch zm\u011Bn\xE1ch operac\xED\
            \ \u010Di rizik tato ochrann\xE1 opat\u0159en\xED testuj\xED, p\u0159\
            ezkoum\xE1vaj\xED a v p\u0159\xEDpad\u011B pot\u0159eby aktualizuj\xED\
            ."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.2
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13
      ref_id: '13.2'
      name: Protection against physical and environmental threats
      translations:
        es:
          name: "Protecci\xF3n contra las amenazas f\xEDsicas y medioambientales"
          description: null
        cs:
          name: " Ochrana p\u0159ed fyzick\xFDmi a environment\xE1ln\xEDmi hrozbami"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.2.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.2
      ref_id: 13.2.1
      description: For the purpose of Article 21(2)(e) of Directive (EU) 2022/2555,
        the relevant entities shall prevent or reduce the consequences of events originating
        from physical and environmental threats, such as natural disasters and other
        intentional or unintentional threats, based on the results of the risk assessment
        carried out pursuant to point 2.1.
      translations:
        es:
          name: null
          description: "A los efectos del art\xEDculo 21, apartado 2, letra e), de\
            \ la Directiva (UE) 2022/2555, las entidades pertinentes evitar\xE1n o\
            \ reducir\xE1n las consecuencias de los sucesos que tengan lugar a causa\
            \ de amenazas f\xEDsicas y medioambientales, como las cat\xE1strofes naturales\
            \ y otras amenazas intencionadas o inintencionadas, a partir de los resultados\
            \ de la evaluaci\xF3n de riesgos realizada de conformidad con el punto\
            \ 2.1."
        cs:
          name: null
          description: "Pro \xFA\u010Dely \u010Dl. 21 odst. 2 p\xEDsm. e) sm\u011B\
            rnice (EU) 2022/2555 p\u0159\xEDslu\u0161n\xE9 subjekty na z\xE1klad\u011B\
            \ v\xFDsledk\u016F posouzen\xED rizik proveden\xE9ho podle bodu 2.1 p\u0159\
            edch\xE1zej\xED n\xE1sledk\u016Fm ud\xE1lost\xED, kter\xE9 maj\xED p\u016F\
            vod ve fyzick\xFDch a environment\xE1ln\xEDch hrozb\xE1ch, jako jsou p\u0159\
            \xEDrodn\xED katastrofy a jin\xE9 \xFAmysln\xE9 nebo ne\xFAmysln\xE9 hrozby,\
            \ nebo n\xE1sledky t\u011Bchto ud\xE1lost\xED omezuj\xED."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.2.2
      assessable: false
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.2
      ref_id: 13.2.2
      description: 'For that purpose, the relevant entities shall, where appropriate:'
      translations:
        es:
          name: null
          description: 'A tal efecto, cuando proceda, las entidades pertinentes:'
        cs:
          name: null
          description: "Za t\xEDmto \xFA\u010Delem p\u0159\xEDslu\u0161n\xE9 subjekty\
            \ v p\u0159\xEDpad\u011B pot\u0159eby:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.2.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.2.2
      ref_id: 13.2.2.a
      description: design and implement protection measures against physical and environmental
        threats;
      translations:
        es:
          name: null
          description: "dise\xF1ar\xE1n y pondr\xE1n en marcha medidas de protecci\xF3\
            n contra las amenazas f\xEDsicas y medioambientales;"
        cs:
          name: null
          description: "navrhuj\xED a prov\xE1d\u011Bj\xED ochrann\xE1 opat\u0159\
            en\xED proti fyzick\xFDm a environment\xE1ln\xEDm hrozb\xE1m;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.2.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.2.2
      ref_id: 13.2.2.b
      description: determine minimum and maximum control thresholds for physical and
        environmental threats;
      translations:
        es:
          name: null
          description: "determinar\xE1n umbrales m\xEDnimos y m\xE1ximos de control\
            \ de las amenazas f\xEDsicas y medioambientales;"
        cs:
          name: null
          description: "stanov\xED minim\xE1ln\xED a maxim\xE1ln\xED prahov\xE9 hodnoty\
            \ kontrol pro fyzick\xE9 a environment\xE1ln\xED hrozby;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.2.2.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.2.2
      ref_id: 13.2.2.c
      description: monitor environmental parameters and report to the competent internal
        or external personnel events outside the minimum and maximum control thresholds
        referred to in point (b).
      translations:
        es:
          name: null
          description: "supervisar\xE1n los par\xE1metros medioambientales e informar\xE1\
            n al personal interno o externo competente de los sucesos que tengan lugar\
            \ m\xE1s all\xE1 de los umbrales m\xEDnimo y m\xE1ximo de control a que\
            \ se refiere la letra b)."
        cs:
          name: null
          description: "sleduj\xED parametry prost\u0159ed\xED a oznamuj\xED p\u0159\
            \xEDslu\u0161n\xFDm intern\xEDm nebo extern\xEDm pracovn\xEDk\u016Fm ud\xE1\
            losti, kdy jsou p\u0159ekra\u010Dov\xE1ny minim\xE1ln\xED a maxim\xE1\
            ln\xED prahov\xE9 hodnoty kontrol uveden\xE9 v p\xEDsmenu b).\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.2.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.2
      ref_id: 13.2.3
      description: The relevant entities shall test, review and, where appropriate,
        update the protection measures against physical and environmental threats
        on a regular basis or following significant incidents or significant changes
        to operations or risks.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes comprobar\xE1n, revisar\xE1n y,\
            \ cuando proceda, actualizar\xE1n las medidas de protecci\xF3n de forma\
            \ peri\xF3dica o despu\xE9s de incidentes significativos o cambios significativos\
            \ en las operaciones o los riesgos."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty pravideln\u011B nebo po\
            \ v\xFDznamn\xFDch incidentech nebo v\xFDznamn\xFDch zm\u011Bn\xE1ch operac\xED\
            \ nebo rizik testuj\xED, p\u0159ezkoum\xE1vaj\xED a v p\u0159\xEDpad\u011B\
            \ pot\u0159eby aktualizuj\xED ochrann\xE1 opat\u0159en\xED proti fyzick\xFD\
            m a environment\xE1ln\xEDm hrozb\xE1m."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.3
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13
      ref_id: '13.3'
      name: Perimeter and physical access control
      translations:
        es:
          name: "Control de acceso perimetral y f\xEDsico"
          description: null
        cs:
          name: "Kontrola vn\u011Bj\u0161\xEDho a fyzick\xE9ho p\u0159\xEDstupu"
          description: null
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.3.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.3
      ref_id: 13.3.1
      description: For the purpose of Article 21(2)(i) of Directive (EU) 2022/2555,
        the relevant entities shall prevent and monitor unauthorised physical access,
        damage and interference to their network and information systems.
      translations:
        es:
          name: null
          description: "A los efectos del art\xEDculo 21, apartado 2, letra i), de\
            \ la Directiva (UE) 2022/2555, las entidades pertinentes evitar\xE1n y\
            \ controlar\xE1n el acceso f\xEDsico no autorizado, los da\xF1os y las\
            \ interferencias a sus sistemas de redes y de informaci\xF3n."
        cs:
          name: null
          description: "Pro \xFA\u010Dely \u010Dl. 21 odst. 2 p\xEDsm. i) sm\u011B\
            rnice (EU) 2022/2555 p\u0159\xEDslu\u0161n\xE9 subjekty p\u0159edch\xE1\
            zej\xED neopr\xE1vn\u011Bn\xE9mu fyzick\xE9mu p\u0159\xEDstupu k s\xED\
            t\xEDm a informa\u010Dn\xEDm syst\xE9m\u016Fm, jejich po\u0161kozen\xED\
            \ a z\xE1sah\u016Fm do nich a p\u0159ede\u0161le uveden\xE9 sleduj\xED\
            ."
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.3.2
      assessable: false
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.3
      ref_id: 13.3.2
      description: 'For that purpose, the relevant entities shall:'
      translations:
        es:
          name: null
          description: 'A tal efecto, las entidades pertinentes:'
        cs:
          name: null
          description: "Za t\xEDmto \xFA\u010Delem p\u0159\xEDslu\u0161n\xE9 subjekty:"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.3.2.a
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.3.2
      ref_id: 13.3.2.a
      description: on the basis of the risk assessment carried out pursuant to point
        2.1, lay down and use security perimeters to protect areas where network and
        information systems and other associated assets are located;
      translations:
        es:
          name: null
          description: "sobre la base de la evaluaci\xF3n de riesgos realizada con\
            \ arreglo al punto 2.1, establecer\xE1n y utilizar\xE1n per\xEDmetros\
            \ de seguridad para proteger las zonas en las que se ubican los sistemas\
            \ de redes y de informaci\xF3n;"
        cs:
          name: null
          description: "na z\xE1klad\u011B posouzen\xED rizik proveden\xE9ho podle\
            \ bodu 2.1 stanov\xED a pou\u017E\xEDvaj\xED bezpe\u010Dnostn\xED z\xF3\
            ny s c\xEDlem chr\xE1nit oblasti, kde se nach\xE1zej\xED s\xEDt\u011B\
            \ a informa\u010Dn\xED syst\xE9my a dal\u0161\xED souvisej\xEDc\xED aktiva;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.3.2.b
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.3.2
      ref_id: 13.3.2.b
      description: protect the areas referred to in point (a) by appropriate entry
        controls and access points;
      translations:
        es:
          name: null
          description: "proteger\xE1n las zonas a que se refiere la letra a) mediante\
            \ controles de entrada y puntos de acceso adecuados;"
        cs:
          name: null
          description: "chr\xE1n\xED oblasti uveden\xE9 v p\xEDsmenu a) vhodn\xFD\
            mi kontrolami vstupu a p\u0159\xEDstupov\xFDmi body;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.3.2.c
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.3.2
      ref_id: 13.3.2.c
      description: design and implement physical security for offices, rooms and facilities,
      translations:
        es:
          name: null
          description: "dise\xF1ar\xE1n e implantar\xE1n la seguridad f\xEDsica de\
            \ las oficinas, las salas y las instalaciones;"
        cs:
          name: null
          description: "navrhuj\xED a prov\xE1d\u011Bj\xED fyzick\xE9 zabezpe\u010D\
            en\xED kancel\xE1\u0159\xED, m\xEDstnost\xED a za\u0159\xEDzen\xED;\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.3.2.d
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.3.2
      ref_id: 13.3.2.d
      description: continuously monitor their premises for unauthorised physical access.
      translations:
        es:
          name: null
          description: "supervisar\xE1n de manera continuada sus instalaciones en\
            \ lo que se refiere al acceso f\xEDsico no autorizado."
        cs:
          name: null
          description: "pr\u016Fb\u011B\u017En\u011B monitoruj\xED sv\xE9 prostory,\
            \ zda v nich nedoch\xE1z\xED k neopr\xE1vn\u011Bn\xE9mu fyzick\xE9mu p\u0159\
            \xEDstupu.\n"
    - urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.3.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:annex-technical-and-methodological-requirements-nis2:13.3
      ref_id: 13.3.3
      description: The relevant entities shall test, review and, where appropriate,
        update the physical access control measures on a regular basis or following
        significant incidents or significant changes to operations or risks.
      translations:
        es:
          name: null
          description: "Las entidades pertinentes comprobar\xE1n, revisar\xE1n y,\
            \ cuando proceda, actualizar\xE1n las medidas de control del acceso f\xED\
            sico de forma peri\xF3dica o despu\xE9s de incidentes significativos o\
            \ cambios significativos en las operaciones o los riesgos."
        cs:
          name: null
          description: "P\u0159\xEDslu\u0161n\xE9 subjekty opat\u0159en\xED ke kontrole\
            \ fyzick\xE9ho p\u0159\xEDstupu testuj\xED, p\u0159ezkoum\xE1vaj\xED a\
            \ v p\u0159\xEDpad\u011B pot\u0159eby aktualizuj\xED pravideln\u011B nebo\
            \ po v\xFDznamn\xFDch incidentech nebo v\xFDznamn\xFDch zm\u011Bn\xE1\
            ch operac\xED nebo rizik."