NIS2 vulnerability management built for European organizations
Meet Article 21 vulnerability handling requirements with on-premises deployment, ENISA EUVD integration, and multi-source intelligence from 6+ authoritative databases — backed by cryptographically signed, auditor-ready evidence. Swiss-made. EU data sovereign. €4,999/yr.
What NIS2 Article 21 requires — and how SentriKat delivers
NIS2 Requirement
Article 21(2)(e) mandates "vulnerability handling and disclosure" — a structured, repeatable process for identifying, assessing, and remediating vulnerabilities across your IT environment.
SentriKat Delivers
Automated inventory discovery, multi-source vulnerability matching (CISA KEV + ENISA EUVD), CVSS enrichment from 3 databases, remediation deadline tracking, and NIS2-specific compliance reports for auditors.
Why EU organizations choose SentriKat
EU Data Sovereignty
100% on-premises. Your vulnerability data never leaves your infrastructure. No US cloud dependency. Deploy on your own EU-based servers and maintain full control over sensitive security data.
ENISA EUVD Integration
Native integration with the European Vulnerability Database mandated by NIS2 Article 12. Track EU-flagged exploited vulnerabilities alongside CISA KEV for dual-continent coverage.
NIS2 Compliance Reports
Generate audit-ready NIS2 Article 21 compliance reports with executive summaries, risk scores, remediation timelines, and KPIs. PDF exports ready for board presentations and regulatory audits.
Cryptographically signed, tamper-evident evidence
Every compliance report SentriKat generates is hashed with SHA-256 and signed with HMAC. An auditor can verify — independently, offline — that the evidence in front of them hasn't been altered since SentriKat produced it. Most scanners export unsigned PDFs that anyone can edit without a trace.
SHA-256 content hash
Each report carries a fingerprint of its exact contents. Change a single character and the hash no longer matches — instant, mathematical tamper-evidence.
HMAC signature
The hash is signed with a keyed HMAC, tying each report to your SentriKat instance. Verifiable offline — no SaaS call-home, no third party in the loop.
Independently verifiable
Hand the PDF or JSON to your auditor with the verification steps. They confirm the integrity themselves — evidence that stands on its own, no trust in us required.
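An offline check of the hash-then-HMAC scheme described above, as an added example that is not SentriKat's code or report format. The sidecar field names, the use of HMAC-SHA256 over the hex digest, and the sample key and report are assumptions constructed for illustration.

```python
import hashlib
import hmac

def sign_report(report: bytes, key: bytes) -> dict:
    """Producer side (assumed layout): SHA-256 the content, then HMAC the hex digest."""
    digest = hashlib.sha256(report).hexdigest()
    tag = hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()
    return {"sha256": digest, "hmac_sha256": tag}

def verify_report(report: bytes, sidecar: dict, key: bytes) -> str:
    """Auditor side: return 'ok', 'signature-invalid' or 'content-modified'."""
    claimed_hash = str(sidecar.get("sha256", "")).lower().encode()
    claimed_tag = str(sidecar.get("hmac_sha256", "")).lower().encode()
    # 1. Is the claimed hash one that the key holder actually signed?
    expected_tag = hmac.new(key, claimed_hash, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected_tag, claimed_tag):  # constant-time compare
        return "signature-invalid"
    # 2. Does the file in hand still match that signed hash?
    actual_hash = hashlib.sha256(report).hexdigest().encode()
    if not hmac.compare_digest(actual_hash, claimed_hash):
        return "content-modified"
    return "ok"

def demo() -> dict:
    key = b"constructed-demo-key-not-a-real-secret"     # constructed sample key
    report = b'{"framework":"NIS2","open_findings":3}'  # constructed sample report
    sidecar = sign_report(report, key)
    edited = report.replace(b'"open_findings":3', b'"open_findings":0')
    # An edit made without the key, with the plain hash recomputed to match.
    rehashed = dict(sidecar, sha256=hashlib.sha256(edited).hexdigest())
    return {
        "untouched": verify_report(report, sidecar, key),
        "edited": verify_report(edited, sidecar, key),
        "edited_and_rehashed": verify_report(edited, rehashed, key),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The third case is the one a bare SHA-256 cannot catch: the recomputed hash matches the edited file, but the HMAC does not. Because HMAC is symmetric, the verifier must hold the same key that signed the report.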
Signed reports, mapped to the controls your auditor checks
Multi-source vulnerability intelligence
No single point of failure. SentriKat enriches every CVE from 6+ authoritative databases with automatic fallback.
| Source | Purpose | EU Relevance |
|---|---|---|
| CISA KEV | Known exploited vulnerabilities | US-maintained, globally adopted |
| ENISA EUVD | EU exploited vulnerabilities + CVSS | NIS2 Article 12 mandated |
| NVD (NIST) | Primary CVSS scoring | Industry standard baseline |
| CVE.org + Vulnrichment | Secondary CVSS, CNA-provided scores | CISA ADP fallback |
| FIRST EPSS | Exploitation probability scoring | Prioritization model |
| OSV.dev | Open-source vulnerability data | Vendor advisory aggregation |
SentriKat vs. enterprise scanners for NIS2
Purpose-built for European compliance, not retrofitted from US-centric products.
| Capability | SentriKat | Enterprise Scanners |
|---|---|---|
| Deployment | 100% on-premises | Cloud-first (US-hosted) |
| ENISA EUVD | Native integration | Not available |
| CVSS sources | 3 sources + auto-fallback | NVD only |
| NIS2 compliance reports | Built-in, Article 21 | Generic / add-on module |
| Data sovereignty | Full EU control | US Cloud Act exposure |
| Source code audit | Available | Proprietary / closed |
| Pricing | €4,999/yr all-inclusive | $10,000+/module/yr |
EU and international compliance frameworks
Honest about what this is
SentriKat produces auditor-ready gap analysis and evidence for the vulnerability-management parts of NIS2, DORA, PCI-DSS, ISO 27001 and SOC 2 — finding, prioritising and tracking the fix of vulnerabilities, then documenting it in signed reports. It hands your auditor clean, verifiable proof and makes their job faster. It is not a certification, and no tool can make you "compliant" on its own. We'd rather tell you that up front than oversell it — that's the kind of vendor we want to be.
Ready for NIS2 compliance?
Deploy SentriKat on-premises, import your inventory, and generate your first NIS2 compliance report — all in under an hour.