Sample report — fictional company data. Every norppa.io plan includes 100+ automated checks on all monitored domains — passive OSINT and HTTP security checks — running daily automatically.

NIS2 Supply Chain Intelligence Report

Acme Manufacturing Oy

Reporting period: March 2026 · Generated 1 April 2026

NIS2 Risk Score: 61/100 · Needs attention · -13 (vs 74 last month)

Summary

Critical: 2 · High: 4 · Medium: 4 · Info: 1

5 suppliers monitored across 100+ automated checks daily. 2 critical findings require immediate action — one supplier appeared on an active threat actor victim list and another has employee credentials circulating in dark web markets. 3 high-severity infrastructure issues and 2 medium findings require remediation within 7 days. NIS2 articles 21(2)(d), 21(2)(e), 21(2)(h) and 21(2)(i) have active findings.
AI Executive Summary

Acme Manufacturing's NIS2 supply chain risk posture has deteriorated this period, with a score decline from 74 to 62 driven by two critical-severity findings requiring immediate executive attention.

The most significant threat is the active ransomware victim listing for Acme Logistics Oy. The threat actor group behind this campaign is known for maintaining persistent access and selling network entry to secondary actors when primary ransom negotiations fail. All integration points — APIs, file transfers, shared authentication systems — between your organisation and Acme Logistics should be treated as potentially compromised until the supplier provides a verified containment report. Simultaneously, 14 employee credentials from Nordic Cloud Services are circulating in dark web infostealer markets, creating a multi-vector exposure risk for any shared cloud environments or VPN endpoints.

From a NIS2 compliance perspective, four articles carry active findings this period: Art. 21(2)(d) (supply chain risk management), 21(2)(e) (incident reporting obligations), 21(2)(h) (cryptographic controls — TLS expiry), and 21(2)(i) (access control — credential hygiene). Immediate documented risk assessments are required under Art. 21(2)(d) and 21(2)(e). The TLS certificate expiry on databridge.fi in 6 days presents a hard deadline — failure to renew will cause service disruption and constitutes a compliance gap under Art. 21(2)(h).

Grounded in the raw findings below — every claim is auditable.

Priority actions

1. Critical · Acme Logistics Oy — ransomware victim listing: contact supplier immediately and review data flows. Engage incident response.
2. Critical · Nordic Cloud Services — 14 employee credentials on dark web: notify supplier, require password rotation and MFA enforcement.
3. High · DataBridge Finland — TLS certificate expires in 6 days: ask the supplier to renew immediately to avoid service disruption.
4. High · Acme Logistics Oy — high-risk country infrastructure: request supplier's infrastructure documentation and review NIS2 Art. 21(2)(d) obligations.
5. High · Nordic Cloud Services — DMARC missing: ask the supplier to publish a DMARC record to prevent domain spoofing.

NIS2 article compliance status

Art. 21(2)(d) · Supply chain · Supply chain security & third-party measures · 1 finding
Art. 21(2)(e) · Risk management · Risk management in network & information systems · 3 findings
Art. 21(2)(h) · Cryptography · Cryptography, TLS, and certificate hygiene · 4 findings
Art. 21(2)(i) · Credentials · Human resources security & credential management · 1 finding
Art. 23 · Incident reporting · Incident reporting & vulnerability disclosure · 1 finding

Active findings (9)

Critical · Active ransomware victim listing detected · Art. 21(2)(e)
Acme Logistics Oy · acme-logistics.fi · Detected 15 Mar 2026
Remediation: Contact the supplier immediately. Engage an incident response team. Assume services may be partially compromised and review data flows between your organisation and this supplier.

Critical · Dark web — employee credentials leaked · Art. 21(2)(i)
Nordic Cloud Services · nordiccloud.fi · Detected 18 Mar 2026
Remediation: Notify the supplier. Request immediate password rotation and MFA enforcement for all accounts. Verify no shared credentials are used in integrations with your systems.

High · Infrastructure in high-risk country · Art. 21(2)(d)
Acme Logistics Oy · acme-logistics.fi · Detected 1 Mar 2026
Remediation: Request the supplier's infrastructure documentation. Review contractual obligations and data processing agreements in light of NIS2 Art. 21(2)(d) supply chain security requirements.

High · TLS certificate expires in 6 days · Art. 21(2)(h)
DataBridge Finland · databridge.fi · Detected 24 Mar 2026
Remediation: Ask the supplier to renew the TLS certificate immediately. Automated renewal via ACME/Let's Encrypt is recommended to prevent future expiry.

High · DMARC policy missing · Art. 21(2)(h)
Nordic Cloud Services · nordiccloud.fi · Detected 1 Mar 2026
Remediation: Ask the supplier to publish a DMARC record. Start with p=none to collect aggregate reports, then tighten to p=quarantine or p=reject.

High · Known vulnerabilities detected (CVE) · Art. 21(2)(e)
Acme Logistics Oy · acme-logistics.fi · Detected 2 Mar 2026
Remediation: Ask the supplier to apply available security patches for the identified CVEs immediately, prioritising vulnerabilities with known public exploits.

Medium · DNSSEC not enabled · Art. 21(2)(h)
SupplyLink Partners · supplylink.eu · Detected 1 Mar 2026
Remediation: Ask the supplier to enable DNSSEC at their domain registrar to authenticate DNS responses against tampering.

Medium · security.txt missing (NIS2 Art. 23) · Art. 23
DataBridge Finland · databridge.fi · Detected 1 Mar 2026
Remediation: Ask the supplier to create a security.txt file at /.well-known/security.txt with a security contact address and policy URL.

Info · HTTP security header missing
SupplyLink Partners · supplylink.eu · Detected 1 Mar 2026
Remediation: Ask the supplier to configure HTTP security headers: Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Strict-Transport-Security.

Supplier risk overview

Supplier · Security score · Critical
Acme Logistics Oy · 22 · 2
Nordic Cloud Services · 48 · 1
DataBridge Finland · 64
SupplyLink Partners · 81
Vantage IT Oy · 97

Your own environment

acme-manufacturing.fi · Last scanned: 31 Mar 2026

Security score: 78/100

Medium · security.txt missing (NIS2 Art. 23) · Art. 23
No security.txt file found at /.well-known/security.txt. NIS2 Art. 23 requires a reachable vulnerability disclosure channel.
Remediation: Create a security.txt at /.well-known/security.txt with a security contact address and policy URL.

Medium · DNSSEC not enabled · Art. 21(2)(h)
DNSSEC is not configured for your domain. DNS responses cannot be cryptographically authenticated.
Remediation: Enable DNSSEC at your domain registrar to authenticate DNS responses against tampering.

Your own domain receives the same 100+ automated checks as your suppliers — passive OSINT and HTTP security checks daily. Full Scan add-on (if enabled) adds a monthly external security assessment on this domain.

Supplier Self-Assessments (SAQ)

Suppliers complete a 28-question NIS2 self-assessment. Responses are scored automatically and visible here alongside automated findings — two layers of compliance evidence in one report.

Supplier · SAQ score
Acme Logistics Oy
Nordic Cloud Services · 61/100
DataBridge Finland · 74/100
SupplyLink Partners
Vantage IT Oy · 91/100

Nordic Cloud Services · [email protected] · 20 Mar 2026

SAQ score: 61/100

Section breakdown

Governance & Security Policies · Art. 21(2)(a) · 75
Access Control & Authentication · Art. 21(2)(i)(j) · 40
Incident Response & Disclosure · Art. 21(2)(b), Art. 23 · 50
Data Protection & Cryptography · Art. 21(2)(h) · 75
Business Continuity · Art. 21(2)(c) · 67
Supply Chain & Third Parties · Art. 21(2)(d) · 50
Vulnerability Management · Art. 21(2)(e)(g) · 67

Analyst note: SAQ reveals MFA not enforced on all accounts and no tested incident response plan — consistent with the dark web credential leak detected in automated monitoring.

Monitoring methodology

Over 100 automated checks run daily on all monitored domains, with ransomware and dark-web monitoring every 6 hours. Checks cover: ransomware victim lists (multiple threat intelligence feeds), dark web infostealer credential leaks, TLS/certificate health and expiry, DNS integrity (SPF, DMARC, DKIM, DNSSEC), DNSSEC validation chain, MX server DNS blacklist status, email security posture and spoofability scoring (TLS-RPT, MTA-STS, BIMI, composite BEC risk), cookie security flags (Secure, HttpOnly, SameSite), robots.txt and sitemap sensitive path exposure, IP geolocation and high-risk country detection, known vulnerability exposure (CVE/EPSS), AiTM phishing infrastructure detection via Certificate Transparency logs, RPKI/BGP route origin validation, business registry and LEI status (PRH, GLEIF), dangling CNAME and MX record detection, SBOM/CSAF reference detection, security.txt presence, security headers, HTTPS redirect verification, and website change detection.

New for 2026: post-quantum TLS readiness fingerprinting (NIST FIPS 203 ML-KEM hybrid suites), Model Context Protocol (MCP) endpoint exposure detection, JavaScript bundle secret scanning (API keys, tokens), AI vendor inventory for EU AI Act Art. 26 deployer obligations, GraphQL introspection and OpenAPI exposure checks, and DORA Register of Information export (Annex III B_02.03 + B_05.01). All findings mapped to NIS2 articles automatically.

Scans run daily. Last scan: 7 May 2026 00:00 UTC.
