| Version | Supported |
|---|---|
| v1.0.x | ✅ |
| v0.3.x | ❌ |
| < v0.3 | ❌ |

Please report sensitive security issues via email to security@nis2shield.com or by opening a GitHub Security Advisory.
DO NOT create public GitHub issues for security vulnerabilities.

We proactively notify users about:
- Critical security patches (CVEs)
- NIS2/DORA regulatory updates affecting compliance logic
- Major breaking changes
- Enterprise Module updates (Disaster Recovery, etc.)
👉 Subscribe to Security Updates

All infrastructure configurations must adhere to:
- Transport: TLS 1.2+ mandatory (TLS 1.3 preferred).
- At Rest: AES-256 for all persistent storage.
- Secrets: Encrypted via KMS/Vault, never committed.

Response timeline for reported security issues:
- Acknowledgment: Within 24 hours.
- Assessment: Within 72 hours.
- Patch: Critical issues patched within 7 days.