Dear recipient,
In about two months the online security of your organization will be published on basisbeveiliging.nl.
The website basisbeveiliging.nl makes the current state of baseline security requirements public and is part of Dutch national government policy[4][5]. The aim of this initiative is to promote a transparent and secure online Netherlands.
Basisbeveiliging measures organizations in your sector due to upcoming NIS2 legislation. Under this law, your sector has been designated as a highly critical sector. As the formal criteria of NIS2 are limited, we also measure supply chain partners, partnerships and other relevant institutions in the sector. So your organization does not need to be covered by NIS2 to be measured.
The measurements started recently and are ongoing, even after publication. As a result, improvements to your online infrastructure will also be visible in the report. In the first few days after you receive this e-mail, the report may not yet be complete. The [code] is the code you have received in the announcement e-mail.
Your organisation’s interim report can be found at the following link. Select your organisation from the drop-down menu:
https://basisbeveiliging.nl/report/?custom_country=NL&custom_layer=[code]
If this link does not work, you can perform the following steps:
1: Go to https://basisbeveiliging.nl/state/
2: Under “Layer”, enter the code “[code]” and click “add layer”
3: Then click on reports and search for your organization
We request that you do not share the above link and code with people outside your organisation.
If your institution still does not score sufficiently (green), ask your responsible/IT department to do the following:
- 100% score on internet.nl for both web and mail
- B score or better on ssllabs.com
- adoption of the security.txt standard
- do not place unsolicited tracking cookies
- services/hosting from the Netherlands or the EU, except for organizations obviously located outside of the EU
- no unnecessary services and open ports (such as ftp, databases etc)
- removal of version numbers in online services (especially in portscans)
- correct WHOIS registration information with the SIDN for .nl domains (‘holder’ = name of organisation, not a person and not anonymous)
- no public login portals intended for management purposes
We know that vital infrastructure is complex. Therefore, we apply a comply-or-explain policy. For each finding, an exception request can be sent from the website.
About us:
Basisbeveiliging works according to the linked code of conduct [2]. Our measurement policy is at [3]. More on our foundation is at [6].
Basisbeveiliging.nl is part of the NCTV’s Dutch Cybersecurity Strategy Action Plan[4] and the Value-Driven Digitisation Work Agenda of the Ministry of the Interior and Kingdom Relations[5].
Basisbeveiliging is run by the Internet Cleanup Foundation. This is an independent non-profit organisation whose goal is a safe and robust internet.
Much of our work is carried out by volunteers, including these measurements. The foundation receives income from participation, grants, donations, gifts and sponsorship.
We can be reached most easily via Discord[7]; ask for Elger, Johan or Wouter. A support channel can also be found there, covering various topics.
Kind regards,
Elger Jonker
Chairman, Internet Cleanup Foundation
https://internetcleanup.foundation