
Knowledge base
October 01, 2025
Cbw (NIS2) Control Framework.
Intro: New law, new requirements for Dutch organizations
From 2025, the Cyberbeveiligingswet (Cbw), the Dutch translation of the European NIS2 directive, will come into force. This means: higher requirements for digital resilience, more responsibilities for administrators and stricter enforcement. The government therefore launched the Cbw (NIS2) Control Framework – a new tool that helps to be compliant as well as resilient.
At ALTA-ICT, we understand how complex laws and regulations can be for SMEs, IT managers and government agencies. With our ISO27001, ISO9001 and NEN7510 certifications, we help organizations get started right away with this framework – including sector-specific requirements such as BIO and DORA.
What is the Cbw (NIS2) Control Framework?
The visual below shows at a glance what the Cbw (NIS2) Control Framework entails and how it works:
- Essential and important entities in NIS2 sectors are the target audience
- Requirements from the Cbw and Cbb are translated into concrete management measures
- Modular design enables industry-specific requirements, such as BIO2 and DORA
- Objectives are assessed through a maturity model
- Results are visually displayed in a radar plot, including gaps
- The whole approach aligns with the PCDA cycle according to ISO standards
So the framework is not only strong in content, but also visually clear and actionable.
How do you implement the Cbw Framework in your organization?
Step 1: Assessment & Analysis
Use the framework as a baseline: find out where you stand in terms of Cbw/Cbb compliance. ALTA-ICT helps with a GAP analysis and maturity score.
Step 2: Sector-specific setup
Integrate requirements such as BIO (government) or DORA (financial). Choose from modules tailored to your sector and organization size.
Step 3: Implementation & governance
Use the radar plots from the framework for prioritization. Work with concrete KPIs and establish improvement plans.
Step 4: Monitoring and optimization
Apply the PCDA cycle as proposed in the framework, using ISO methodology as a basis.
The challenge: why waiting increases risk
No action = increased risk. Administrators will soon be held personally responsible for digital resilience. Without preparation:
-
Fines at non-compliance
-
Risk of data breach and disruption
-
No access to certain contracts or government contracts
ALTA-ICT offers guidance from the field:
- Practically applicable framework
- Instant insight into maturity and gaps
- Guidance with ISO/NEN certification as a basis
ROI: What does compliance with Cbw yield?
-
60% reduction in cyber risks
-
Better audit results and insurability
-
Faster access to market (especially government)
-
Strengthens trust with customers and partners
Example: a Dutch government agency obtained BIO compliance within 3 months thanks to deployment of the Cbw Framework and guidance from ALTA-ICT.
Why ALTA-ICT?
-
ISO27001 | ISO9001 | NEN7510 certified
-
Experience with NIS2 implementations in public and private sectors
-
Sector-specific modules tailored to the Dutch market
-
Visual tooling for maturity, gap analysis and radar plots
-
Local consultants, short lines, direct action
Frequently asked questions (FAQ)
Is the use of this framework mandatory?
No, but it is the recommended method for quick and structured compliance with Cbw.
Who is it intended for?
For all organizations covered by NIS2: healthcare, finance, energy, government, transportation, etc.
Is it also suitable for SMEs?
Yes, the modular structure makes it scalable. A simplified version for SMEs is available.
How does this fit within existing processes?
The framework aligns with ISO/PCDA processes and can be integrated with existing audit systems.
What if our organization already has ISO27001/NEN7510?
Perfect! The framework builds on existing standards and connects directly to them.
Conclusion: start now = prepared later
The Cbw is coming. The Cbw (NIS2) Control Framework already offers you everything you need to be compliant and secure. Insight, structure, visualization and action.
Schedule a consultation with ALTA-ICT today. alta-ict.co.uk/agreements
Reference
¹https://www.auditdienstrijk.nl/kennis-delen/onze-tools/cbw-nis2-control-framework
²https://www.auditdienstrijk.nl/documenten/2025/september/30/cbw-nis2-control-framework
Want to know more?

Related
blogs
Tech Updates: Microsoft 365, Azure, Cybersecurity & AI – Wekelijks in je Mailbox.